
SSL Configuration of Let's Encrypt Certificates - iOS Clients

We have issued SSL certificates for the Openfire server with a wildcard cert covering the domain openfire.company.com.

The SSL configuration is done through the web interface Server -> SSL / TLS Certificates -> Identity Store -> Manage Store contents -> Imported here.

In the private key text box, the private key contents are pasted. And in the certificate file text box, the contents of fullchain.pem are pasted.

The HTTP server is restarted and everything is working fine. The problem occurs when the SSL certificates are renewed. After renewal, no iOS client is able to communicate and the iOS application needs to be uninstalled and then re-installed in order to work with the Openfire server again.

Am I doing the SSL configuration wrong, or has anyone else experienced the same issue? Any workaround will be really appreciated.

Maybe the problem is with the application. Maybe you can do a test install with some other client, maybe even Android, and see if it has the same problem after the renewal. It sounds like the app caches the cert somehow and a reinstall clears this cache, but I never heard about such a thing. Also, to work with Let’s Encrypt you can use the Certificates Manager plugin and use a bot to drop the new cert into a defined hot deploy folder, so you won’t have to do manual replacement.
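One way to script the "bot drops the new cert into a hot deploy folder" step suggested above, as an added example that is not part of the original thread or the plugin's own code. It assumes certbot as the ACME client (certbot exports `RENEWED_LINEAGE` to deploy hooks); `HOTDEPLOY_DIR`, `DEPLOY_OWNER` and the target file names are hypothetical and must match what the plugin is configured to watch.

```shell
#!/bin/sh
# Added example: certbot deploy hook that stages a renewed certificate into a
# hot-deploy folder. HOTDEPLOY_DIR, DEPLOY_OWNER and the target file names are
# assumptions, not values taken from the plugin.

# deploy_cert LINEAGE_DIR HOTDEPLOY_DIR
# Returns 0 on success; on any failed check nothing is written to HOTDEPLOY_DIR.
deploy_cert() {
    lineage=$1
    dest=$2
    chain="$lineage/fullchain.pem"
    key="$lineage/privkey.pem"

    [ -r "$chain" ] && [ -r "$key" ] || { echo "missing PEM files in $lineage" >&2; return 1; }
    [ -d "$dest" ] || { echo "hot-deploy folder $dest not found" >&2; return 1; }

    # Check the PEM types so a swapped or truncated file is never deployed.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }

    # Stage in a sibling directory (mode 0700, same parent as the watched
    # folder), then rename, so the watched folder never holds a partial file.
    stage=$(mktemp -d "${dest%/}.stage.XXXXXX") || return 1
    rc=1
    if cp "$chain" "$stage/fullchain.pem" && cp "$key" "$stage/privkey.pem" &&
       chmod 600 "$stage/privkey.pem" "$stage/fullchain.pem" &&
       { [ -z "${DEPLOY_OWNER:-}" ] ||
         chown "$DEPLOY_OWNER" "$stage/privkey.pem" "$stage/fullchain.pem"; } &&
       mv "$stage/privkey.pem" "$dest/privkey.pem" &&
       mv "$stage/fullchain.pem" "$dest/fullchain.pem"; then
        rc=0
    fi
    rm -rf "$stage"
    return $rc
}

# certbot sets RENEWED_LINEAGE when it runs a deploy hook; HOTDEPLOY_DIR is set
# by the operator to the folder the plugin watches.
if [ -n "${RENEWED_LINEAGE:-}" ] && [ -n "${HOTDEPLOY_DIR:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "$HOTDEPLOY_DIR"
fi
```

Set `DEPLOY_OWNER` to the account the server runs under when that differs from the account running the hook, otherwise the owner-only key file will not be readable by the server.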

Thank you very much for your response. The problem is indeed with the iOS clients since Android clients are able to communicate with the server after the cert renewal without any problem.

Searching on this forum and others, it seems this problem was widespread with iOS-based clients, and so I thought maybe they didn’t require the fullchain.pem and instead there is another workaround I am not aware of.

Thanks once again. I will keep searching for why the cert is cached in the iOS clients and whether there is any working solution.