SSL handling and connecting to right port

There are two ways for using SSL certificates, both has there problems and both does not allow the use of the secured port 5223.

  1. to start with the selfsigned certificate, this can be created under TLS/SSL certificate tab and Identity Store. When created the certificate it has to be completed with the issuer information and send to the Certificate Authority (CA). This results in a Pending Verification. No information to found how to handle to get a good working CA certified certificate.

  2. the second option is the use of Letsencrypt verified certificates. After copy the contents of the privkey,pem and cert.pem in the right fields openfire acknowledge the certificate a signed approved certificate.

In openfire on port 5222 is set to Needed - A connection cannot be established if the peer does not present a valid certificate.
The result in both way of assigning a certificate (even with deleting one of them) give on Spark: Received fatal_alert: bad_certificate.

Please advice me:
How to get the selfsigned certicate validated and why a already verified certificate is not working properly.

The problem with bad certificate in Spark is solved only for the Letsencrypt certificates.
Altered the setting in Spark under security make active: required and Use direct TLS method. Spark ask you to add the certificate to the trusted list. This can go wrong, cancel the request and goto Certificates in the advance menu and tick the Exemted box behind the certificate. The connection is still running over the encrypted channel but could not check if the connection is really encrypted.
Any help would be appreciated in this.