SSL Self Signed Certificate Fails

I’m setting up a Wildfire for the first time and everything is working like a champ with one exception: attempting to use an SSL Self Signed Certificate.

I’ve followed the SSL Guide but it doesn’t seem to work.

Here is my environment:

Windows Server 2003

Wildfire 3.0.1

Here is what I’ve done:

Note: I’ve added keytool to my “path” so I don’t have to reference it by directory first.

Note: Values that are in quotes are literal strings and values in angle brackets are variables.

cd "c:\program files\wildfire\resources\security"

keytool -storepasswd -keystore keystore

{At the prompt I enter in the default password “changeit” and then set a new password. Let’s call it “mypass”}

keytool -genkey -keystore keystore -alias <domain name of server>

{I enter the following: “mypass”, <domain name of server>, <OU Name>, <ORG Name>, “Portland”, “Oregon”, “OR”, “yes”}

{Press enter to use the same keystore password}

I press the Start button on the Wildfire admin console and I receive the following:

“Error starting SSL XMPP listener on port 5223: null”

"Wildfire 3.0.1

“Error starting admin console: Multiple exceptions”

I launch the admin console and login. I add the following system properties and their values:

“xmpp.socket.ssl.port” => “5223”

“xmpp.socket.ssl.storeType” => “jks”

“xmpp.socket.ssl.keystore” => “” (If it’s blank it’s the default location)

“xmpp.socket.ssl.keypass” => “mypass”

“xmpp.socket.ssl.truststore” => “” (If it’s blank that’s ok)

“xmpp.socket.ssl.trustpass” => “” (I don’t have a trust store so I left it blank)

I restart the Wildfire server and the same errors occur:

“Error starting SSL XMPP listener on port 5223: null”

"Wildfire 3.0.1

“Error starting admin console: Multiple exceptions”

I launch the admin and login.

I click on the Security Settings link in the left menu and I find that the page on the right hand side is blank.

Meanwhile the admin console fills up with this:


at org.jivesoftware.wildfire.admin.ssl_002dsettings_jsp._jspService(ssl_002dsettin

at org.apache.jasper.runtime.HttpJspBase.service(

at javax.servlet.http.HttpServlet.service(

at org.mortbay.jetty.servlet.ServletHolder.handle(

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplica

at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage( 8)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplica

at org.jivesoftware.util.LocaleFilter.doFilter(

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplica

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplica

at org.jivesoftware.admin.PluginFilter.doFilter(

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplica

at org.jivesoftware.admin.AuthCheckFilter.doFilter(

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplica

at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)

at org.mortbay.jetty.servlet.ServletHandler.handle(

at org.mortbay.http.HttpContext.handle(

at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)

at org.mortbay.http.HttpContext.handle(

at org.mortbay.http.HttpServer.service(

at org.mortbay.http.HttpConnection.service(

at org.mortbay.http.HttpConnection.handleNext(

at org.mortbay.http.HttpConnection.handle(

at org.mortbay.http.SocketListener.handleConnection(

at org.mortbay.util.ThreadedServer.handle(

at org.mortbay.util.ThreadPool$

Everything goes back to normal when I remove the system properties values and put the default keystore and truststore back in from the zip file.

My Java is weak, but I’ll try (at a later date - I don’t have time right now) to see what’s causing the IO exception.

In the meantime, has anyone encountered these issues before and solved them?



Some jabber clients only work with RSA certs, others only work with DSA certs.

The default keystore from the package includes one of each.

I created both, then restarted the server and got it working.


This may sound like a silly question, but how do I create the two types?

I tried some syntax that I culled from another post, but on the DSA I got a message that read something like “alias is already in use.”

The aliases aren’t really that important to have the server name.

I just named mine rsa and dsa.

Same error in the Wildfire console.

I did the following:

Replaced the keystore and the truststore with the default files that come with the default install.

cd "c:\program files\wildfire\resources\security"

keytool -storepasswd -keystore keystore

{At the prompt I enter in the default password “changeit” and then set a new password. Let’s call it “mypass”}

keytool -delete -keystore keystore -alias rsa

keytool -delete -keystore keystore -alias dsa

keytool -genkey -keystore keystore -alias rsa -keyalg rsa

keytool -genkey -keystore keystore -alias dsa -keyalg dsa

No errors up to this point.

When starting Wildfire from the admin console, I still get the error: “Error starting SSL XMPP listener on port 5223: null”

I figured it out.

I checked the error.log file and it was stating that the keystore location was c:\program files\wildfire instead of c:\program files\wildfire\resources\security.

I had the xmpp.socket.ssl.keystore property set to an empty string; because of this, it was only looking at the Wildfire home directory.

The SSL documentation guide is a bit misleading in this.

It reads:

It should probably read: “The location of the keystore file relative to your Wildfire installation root directory. You can omit this property to use the default keystore.”

Alternatively, I could have put in “resources\security” and it probably would have figured it out, since the keystore location with an empty property value is (in Windows) c:\program files\wildfire\ (notice the trailing slash).

One more thing, with Spark, I didn’t have a problem making a connection, but with Exodus, I had an issue. I had to add a property in order for it to work. The property and its value are: xmpp.server.certificate.verify => false.

I believe that Exodus is still using SSL encryption, but I can’t be sure until I capture packets with Wireshark.
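
The failure mode found at the end of the thread, as an added example that is not part of any post and is not Wildfire's own code: a keystore property set to an empty string resolves to the home directory itself, while an omitted property falls back to the default file. It assumes, as the error.log described above suggests, that the property value is joined onto the Wildfire home directory; `KeystorePreflight`, `resolve` and `check` are hypothetical names, and the check also lists the key algorithm behind each alias (the rsa/dsa point raised earlier).

```java
import java.io.Console;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;

public class KeystorePreflight {
    // Assumed default location, taken from the directory used in the thread.
    static final String DEFAULT_REL =
            "resources" + File.separator + "security" + File.separator + "keystore";

    // Hypothetical resolver: a missing property (null) falls back to the default;
    // any other value, including "", is joined onto the home directory.
    static File resolve(File home, String prop) {
        return new File(home, prop == null ? DEFAULT_REL : prop);
    }

    // Returns a one-line verdict plus the algorithm of every key entry.
    static String check(File ks, char[] pass) {
        if (!ks.isFile()) return "FAIL: " + ks + " is not a keystore file";
        try (InputStream in = new FileInputStream(ks)) {
            KeyStore store = KeyStore.getInstance("JKS"); // storeType "jks" as in the thread
            store.load(in, pass);                         // wrong password or corrupt file throws here
            StringBuilder sb = new StringBuilder("OK: " + ks);
            for (String alias : Collections.list(store.aliases())) {
                if (!store.isKeyEntry(alias)) continue;
                Key k = store.getKey(alias, pass);        // key password same as store password
                sb.append("\n  ").append(alias).append(" -> ").append(k.getAlgorithm());
            }
            return sb.toString();
        } catch (Exception e) {
            return "FAIL: " + ks + ": " + e;
        }
    }

    // Usage: java KeystorePreflight <wildfire home> [password]
    public static void main(String[] args) {
        File home = new File(args[0]);
        Console c = System.console();
        char[] pass = c != null ? c.readPassword("Keystore password: ") : args[1].toCharArray();
        System.out.println(check(resolve(home, ""), pass));   // property set to empty string
        System.out.println(check(resolve(home, null), pass)); // property omitted
    }
}
```

Run against the install directory, the first line reports the home directory as "not a keystore file" and the second lists the aliases with their algorithms, for example RSA and DSA.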