I have a signed certificate from thawte that I use in apache, courier-imap, qmail, and jabberd2. When I load this certificate into wildfire, I’‘m unable to log in through the https admin console and gaim crashes when I try to log in. I can successfully use the bundled self signed certs to log in with both of those. I’‘m using the web admin console to load the certificates but I wouldn’‘t be adverse to using java’‘s keytool (although why have the ability in the admin console if it doesn’‘t work?). I tried this back with wildfire 2.5.1 and had the same problem (although this wasn’‘t the show stopper - which has been fixed since that release). What is it that I’'m missing here?
Were your certificates generated using the openssl tool? You will need to convert them to be able to use them in Wildfire (or any Java based application).
That was exactly the problem. I was able to start with the link you sent me but I found this page: http://blogs.warwick.ac.uk/kieranshaw/entry/creating_a_java/
Here were the steps I took (names changed to protect the innocent):
openssl pkcs12 -export -inkey server.key -in server.pem -name “my domain here” -out server.p12
I had to be sure to set a password to get the next program to work.
Then I downloaded and compiled the above class (KeystoreKeyImporter).
/usr/java/jre1.5.0_09/bin/java -classpath . KeystoreKeyImporter server.p12
That’'s it! I can now log into the ssl admin console and sign on with gaim (starttls) without any problems.
This begs the question, why when the admin console clearly tells you to paste an x509 cert does it not work? I feel like we could easily duplicate the above process in the admin console. It would make wildfire more accessible to people who haven’'t used java keystores before.
Thanks for your help. I wouldn’'t have even thought to try this.