Just viewing the certificates should be fine. I’m a little puzzled about that one…
The steps to get basic SSL working for clients are very simple, really. If you go through the setup process for Openfire, it, by default, will create 2 self-signed certificates (one RSA and one DSA). You can view these certificates through Sever >server settings>server certificates.
For TLS for clients on port 5222, this is all you have to do - you can check if clients use encryption in the session overview (small padlock).
Getting the old (depreciated) SSL method working usually requires getting a CA signed certificate, self-signed certificates may or may not work in that case.
What I did myself for this was to get registered at XMPP.net with my server, and use their interface to Startcom SSL to get a certificate created and issued to me. (meaning, I didn’t use the Openfire CSR creation method, but let Startcom generate the private key and CSR internally).
After getting my certificate issued, I made sure to import the Intermediate CA certificate (sub.class1.xmpp.ca.crt) and CA root certificate (ca.crt) into my truststore with keytool (root one first!):
keytool -import -v -trustcacerts -file ca.crt -alias xmpproot -keystore truststore
keytool -import -v -trustcacerts -file sub.class1.xmpp.ca.crt -alias xmppica -keystore truststore
after that was done, I went to the server certificates page in the admin console, and used the “import” link from there, pasting the private key (after decrypting it with openssl), typing my password, and pasting the certificate. After that, I removed the self-signed RSA certificate.
The result being that old style SSL (5223) works, and the admin console SSL properly encrypts to the CA signed certificate, so does the TLS on 5222. Unfortunately, server 2 server encryption doesn’t seem to work because of some problem with the certificate I got from xmpp.net in openfire.
Hope this helps!