Well, I finally resolved the problem, so I just want to leave a note here in case other people see it.
So, the certificate and private key need to be packed into a .p12 file and then imported into the keystore of the Openfire server, so Openfire knows what private key to use for the SSL handshake.
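The steps described in the post above, as an added example that is not part of the original post: it checks that the private key really belongs to the certificate, packs both into a .p12, and imports it with `keytool`. The use of `keytool`, the function names, the `P12_PASS`/`KS_PASS` environment variables, the alias and all paths are assumptions; the key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example. Function names, env vars and paths are hypothetical.
# P12_PASS = password for the .p12 bundle, KS_PASS = keystore password;
# both are read from the environment so they never appear in argv.

# Succeeds only if the private key's public half equals the certificate's.
# A mismatched pair is a common reason the server presents the wrong key.
key_matches_cert() {
    local cert=$1 key=$2 a b
    a=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    b=$(openssl pkey -in "$key" -pubout) || return 2
    [ "$a" = "$b" ]
}

# Pack certificate + key into a PKCS#12 file under the given alias.
pack_p12() {
    local cert=$1 key=$2 out=$3 alias=$4
    key_matches_cert "$cert" "$key" || {
        echo "private key does not match certificate" >&2
        return 1
    }
    # umask keeps the bundle (it contains the private key) owner-readable only.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" -name "$alias" \
          -out "$out" -passout env:P12_PASS ) || return 1
    # Read the bundle back to confirm it opens with the password.
    openssl pkcs12 -in "$out" -passin env:P12_PASS -noout >/dev/null 2>&1
}

# Import the bundle into the server's Java keystore (path is a placeholder
# supplied by the caller; stop the server or reload its certificates after).
import_p12() {
    local p12=$1 keystore=$2
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
        -destkeystore "$keystore" -deststorepass:env KS_PASS
}

# Usage (placeholders):
#   export P12_PASS=... KS_PASS=...
#   pack_p12 server.crt server.key server.p12 <alias> &&
#       import_p12 server.p12 <path-to-openfire-keystore>
```

If the certificate was issued by an intermediate CA, the chain certificates also need to go into the bundle (`openssl pkcs12 -export` accepts them via `-certfile`), otherwise clients may fail to validate the chain.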