Hello and thx in advance for your help,
after successfully testing Openfire functionalities we decided to sign the self-signed certificate automatically generated by Openfire.
We generated the CSR from the web interface (http://xxx.offsec.com:9090/ssl-certificates.jsp), obtained the answers (INSTALL CERTIFICATE and INTERMEDIATE CA) from RapidSSL and put them back inside the two text fields in the same page http://xxx.offsec.com:9090/ssl-certificates.jsp… restarted Openfire and everything looks fine as we have two host alias entries in that page:
- RapidSSL CA (xxx.mydomain.com_rsa) Feb 18, 2020 CA Signed RSA
- xxx.mydomain.com (xxx.mydomain.com_dsa) Nov 24, 2014 CA Signed RSA
The problem is whenever we try to log in now, first of all we are prompted with an untrusted certificate (signed by the RapidSSL CA) whining about a host mismatch even if the host in the certificate is exactly the domain we are using to access Openfire (DNS name is set up correctly and it's showing in the server properties too)… second, and more important, we can't log in anymore… even if we continue and accept the untrusted certificate the client hangs; we tried Spark and iChat.
If I completely disable SSL in both client and server I can log in normally.
What am I missing?