powered by Jive Software

Ssl connection from openfire to postgres to counter clear text pwd?

Hello all,

I have a need to counter the fact that openfire.xml contains the jdbc connection credentials in clear text.

Has anyone been successful in creating a ssl only connection from openfire to postgres or any other db?

If so, could you provide a roadmap for how this was accomplished?

Thanks in advance!

G

Hi,

do you want to establish a secured connection between your database and Openfire? Then you may want to consult the Postgres documentation or a forum about creating a secured JDBC connection.Openfire will still store the password as plain text.

Or do you want to use a local certificate, keystore or wallet to store the key? I did never try this with Openfire, anyhow it may be possible.

LG

Thanks LG,

I was attempting(required) to connect to postgres using a secure connection.

I had already read the postgres docs and am having no luck.

I created server.crt on postgres machine and imported this into openfire’s jre/security/cacerts keystore

I created client.crt on jabber and dropped this into the postgres data directory.

I was getting the following error on postgres:

“could not accept SSL connection: sslv3 alert certificate unknown”

The quick(and hacky) fix for this was to change the openfire.xml parameter serverURL to not validate certs:

jdbc:postgresql://10.150.15.100:5432/openfire?ssl=true&sslfactory=org .postgresql.ssl.NonValidatingFactory

I am now getting a new error on openfire:

[org.jivesoftware.util.JiveGlobals.loadSetupProperties(JiveGlobals.java:835)]
java.io.IOException: Error on line 41 of document : The reference to entity “sslfactory” must end with the ‘;’ delimiter. Nested exce
ption: The reference to entity “sslfactory” must end with the ‘;’ delimiter.

Thanks.