powered by Jive Software

SSL question


-0- I am using version 1.0.5

-1- Has you probably know your SSL certificate will ended on the 22/07/2003 …

-2- I am wondering what is the procedure to add my own certificate with JiveMessenger. What are the impacted files ? What modifications have to be done ? Once again “bad new” ! It is also a “mandatory”

Thank you for your support and for your modification regarding the user registration. Well done



Thanks for catching the cert expiry. We’'ll have another one in the next release.

Messenger uses Java’‘s built in support for key stores so the exact procedure for generating and installing certificates depends on your jvm. Assuming you’‘re using Sun’‘s JDK, you’‘ll need to use the keytool that ships with the JDK. Typing ‘‘keytool’’ gets you the list of commands you’'ll need.

Using the keytool program is a bit too involved to cover here. There is a good tutorial on the Java website, and the html instructions that ship with the JDK (under the tools manual pages for ‘‘keytool’’) does a good job explaining what to do with the keytool to use it. Most Java security books also discuss how to use the keytool in depth.

The server is setup to use the keystore file in the JIVE_HOME/security directory. You can change this to point to any keystore file by editing the appropriate fields in the JIVE_HOME/config/jive-messenger.xml file. You should be aware there are two possible key files. The ‘‘keystore’’ holds the server certificates to let clients know the server is who it says it is; the ‘‘truststore’’ holds the client certificates to let the server know a particular client is who it says it is. It’'s common to have a keystore without a truststore (meaning clients are not authenticated to the server using SSL).

In the keystore, aliases should be set to the server name. Server certificates are retrieved based on the socket name so you should have a different certificate entry for ‘‘company.com’’ and ‘‘im.company.com’’ even if both point to the same machine.

As a quick answer though, assuming you’‘re going to use a self-signed certificate, just change directory to the security directory where you should see our default keystore file. Use ‘‘keytool -genkey -keystore keystore -alias server.com’’ (where server.com is the name of your IM server) and enter the password for your keystore (by default the one that ships with Messenger is ‘‘changeit’’). Enter the information it prompts for, and make sure your key password is the same as your keystore password (just hit ‘‘enter’’ to the key password). That’'s about all you need to do. There should be no need to create or delete files.

Hope this helps. if not, let me know where you need more information.



Quick update. We’'re including better documentation on setting up SSL for Messenger with the 1.0.6 release which should be coming out end of this week or early next.