SSL Instructions for Self Signed Certs

Hello All,

Can anyone that has successfully created a self-signed SSL Cert (without using any certificate authority, including CACert.org) for use with Jive Messenger please post a step-by-step command entry from start to finish, specifying what tools are used?

I am having a lot of difficulties. The documentation doesn't appear to work, at least for me, and every change I make seems to damage my server install. The help everyone in the forums has given has been great, but I think I need that specific hand-hold on this.

I am willing to completely wipe out Jive Messenger and my MySQL DB configuration and start from scratch if needed.

I know SSL seems to get a lot of questions on the boards here. Hopefully if anyone here contributes this, it could help everyone.

Thank you in advance!

  • Ken

Ken,

I drove myself crazy for 3 days trying to figure this one out. You may or may not have the same problem as me, but here is what I experienced.

Changing the default keystore password from changeit ended up being the culprit. This broke and still continues to break the SSL auth to our server every time. Non-secure would still work though.

So the workaround I have currently is leaving the password as-is. Any answer as to how to change the password without breaking connections via SSL would be great.

Hope this helps.

Using the source:

// Get the keystore password. The default password is "changeit".

keypass = JiveGlobals.getProperty("xmpp.socket.ssl.keypass", "changeit");

I have already modified that through the administrator. That really belongs with another post I made earlier today. I am really looking for some straight instructions on how to do this properly.

I do appreciate the help.

I guess to better answer your question…

I followed the instructions directly from the SSL documentation and ignored the keystore password changing part.

The important step was making sure I had alias.domain.com as the keystore alias and also as the CN entry when prompted.

I then logged into the web interface and uninstalled the default cert from SSL Settings and was left with the self-signed cert that I had created.

I would appreciate an updated step-by-step HowTo, too. I've read the existing ssl-guide 100 times, I've read all the postings which are dealing with importing certificates, and still no go. I guess I'm too dumb for that?

After changing the default keystore password I've tried to change the keyEntry password as well - but how can you do that the right way?

keytool -keypasswd -alias example.com -keystore keystore

doesn't seem to work, it complains about the fact that I try to submit the same password as for the keystore… I wonder what's the correct syntax? When I just change the keystore-pwd, the SSL-site remains empty, SSL doesn't start at all (of course).

My setup now is the same as jivers: “changeit” is the keystore- and keyEntry-pwd, I've imported my own certificate with keytool, then I've removed the John Doe - certificate.

How can I/we change the appropriate passwords now?

Thanks in advance,

Tomas

It sounds like this is something that a few people are looking for. If someone were to jot these steps down, I would gladly write up “official documentation” to go to the project team for the website.

Open Source documentation is one of the few places a non-programmer like myself can help.

Anyone?

This is what I did to get SSL working, step by step:

  1. Open a command prompt\shell and change directories to the jre\bin folder in your Jive Messenger install folder.

  2. Enter the following command, but replace server.foo.bar with your server's name. (This creates a 10 year Sun RSA self-signed certificate)

keytool -genkey -keystore keystore -alias server.foo.bar -keyalg RSA -validity 3650

  3. You will then be prompted to enter the keystore password, enter: changeit

  4. It will ask you for your first and last name (CN), enter your server's name. In this example I would enter: server.foo.bar

  5. You can fill in the rest of the information as you see fit, such as the organizational unit, organization, city, etc…

  6. It will then ask you to enter a key password, just hit return to accept the keystore password of changeit.

  7. You now will have a keystore file in your jre\bin folder. Now either remove or rename your old keystore file in the resources\security folder.

  8. Move your new keystore file from jre\bin to the resources\security folder.

  9. Restart Jive Messenger and you should be set.

Note that I did not change the keystore password or make any modifications to the system properties as described in the Jive Messenger SSL guide.
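
A non-interactive form of the steps above with a check afterwards, added here as an example (it is not part of the original post and not Jive Messenger's own tooling). HOST, STOREPASS and the function names make_keystore and check_keystore are assumptions made for illustration; the flags are standard keytool options.

```sh
#!/bin/sh
# Added example. HOST, STOREPASS and both function names are illustrative.

HOST="${HOST:-server.foo.bar}"      # used as both the alias and the CN
STOREPASS="${STOREPASS:-changeit}"  # the thread leaves the default in place

# make_keystore FILE
# Create a 10-year self-signed RSA key pair in FILE. The alias and the CN are
# both $HOST, and the key entry password is set equal to the keystore
# password, which is what pressing return at the key password prompt does.
make_keystore() {
    keytool -genkey -keystore "$1" -alias "$HOST" -keyalg RSA -validity 3650 \
        -dname "CN=$HOST" -storepass "$STOREPASS" -keypass "$STOREPASS" \
        >/dev/null 2>&1
}

# check_keystore FILE
# Succeeds only if all of the following hold:
#   - FILE opens with $STOREPASS
#   - it has an entry under the alias $HOST whose certificate names CN=$HOST
#   - the private key of that entry can be read with the same password
#     (building a certificate request needs the private key, so -certreq
#     fails when the key entry password differs)
check_keystore() {
    keytool -list -v -keystore "$1" -storepass "$STOREPASS" -alias "$HOST" \
        2>/dev/null | grep -qF "CN=$HOST" || return 1
    keytool -certreq -keystore "$1" -storepass "$STOREPASS" -alias "$HOST" \
        -keypass "$STOREPASS" >/dev/null 2>&1
}

# Run as "sh thisfile.sh run" from jre/bin to build ./keystore and check it
# before moving it to resources/security.
if [ "${1:-}" = "run" ]; then
    make_keystore keystore && check_keystore keystore && echo "keystore OK"
fi
```

After any later password change, running check_keystore with STOREPASS set to the new value shows whether the keystore and the key entry still open with one and the same password.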

Thanks for writing that, but that's exactly the point where I am, too.

It can't be that hard I guess, so, again:

Can anyone post the two lines we need to change the KeyStore and KeyEntry - password without breaking SSL?

Thanks,

Tomas