SSL still not working with 3.2.1

Hello,

I've been trying to get my custom wildcard SSL certificates working under the newer versions of Wildfire and am at a breaking point. I have a keystore file which works perfectly under Wildfire v3.1.1 and yet under v3.2.1 I am getting "Pending verification" for my cert. Like I said this file works completely fine under v3.1.1. Under v3.2.0 it was completely broken, giving me all sorts of Java errors. I have also tried the nightly build and found the same problem. Is SSL just going to remain broken on the newer builds of Wildfire?

Please advise.

-Ben Barshaw

Hi Ben,

I used the following steps to import my StartCom XMPP Federation certificate into Wildfire 3.2.1:

1. Rename your truststore file in /resources/security to truststore.bak

1.5 Download the new truststore file from http://wiki.igniterealtime.org/download/attachments/155/truststore?version=1 and save it into /resources/security

1.6 Restart the Wildfire service/daemon

2. Login to Wildfire Admin with your browser

3. Manually go to the following url: http://yourdomain:9090/import-certificate.jsp

4. Copy and paste in your decrypted private key and your signed certificate into the appropriate fields

Does that work for you or do you get an error message?

Good luck,

Stuart

Message was edited by: stuartbain

Added Step 1.5

Stuart,

Thank you for getting back to me so quickly. Unfortunately when I attempt the method you suggested I get an error:

There was an error one importing private key and signed certificate. Error message: Failed to establish chain from reply

This is using my decrypted key and certificate I exported from the keystore file. I assume this means that it needs the root certificate as well yet I am not sure how to join/append that to the certificate I have.

Thanks again.

-Ben Barshaw

Hi Ben

I think you need to update your truststore. Have a look at the instructions in this upgrade guide http://wiki.igniterealtime.org/display/WILDFIRE/Wildfire+Upgrade+Guide. You will see that it talks about replacing the truststore at the end of the document. If you have your certificate authority in an existing truststore then you need to make sure that it is installed in the new truststore. The steps above don't seem to restore the truststore. If you are using StartCom as your CA then it is in the new truststore.

If you have changed the password of your current truststore, then you will need to change the password on the new truststore or update the xmpp.socket.ssl.trustpass property.

I hope this helps.

BR

David
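The "Failed to establish chain from reply" error and the truststore point David makes can be reproduced outside Wildfire with openssl. The script below is an added illustration, not something posted in this thread or shipped with Wildfire: it builds a throwaway CA plus a wildcard leaf certificate, an "old" truststore that does not contain the signing CA, and a "new" one that does, then shows that the same leaf certificate fails to verify against the first and passes against the second. It also shows how to append the CA certificate to the leaf to form a chain file. It assumes openssl is installed; all names (Example Test CA, *.example.test, Old Truststore CA) are constructed placeholders and the keys are generated in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce a chain-building failure with openssl.
# Assumes openssl is on PATH. Everything is generated in a temp dir; nothing here is a real key.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Build: a signing CA, an unrelated CA, and a wildcard leaf signed by the signing CA.
make_pki() {
  # Constructed signing CA (placeholder name).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
  # Constructed unrelated CA, standing in for the CAs in an outdated truststore.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Old Truststore CA" \
    -keyout "$WORK/old-ca.key" -out "$WORK/old-ca.crt" >/dev/null 2>&1
  # Wildcard leaf: CSR signed by the signing CA.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=*.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/server.crt" >/dev/null 2>&1
  # Two truststores: the "old" one lacks the signing CA, the "new" one has it.
  cp "$WORK/old-ca.crt" "$WORK/old-truststore.pem"
  cat "$WORK/old-ca.crt" "$WORK/ca.crt" > "$WORK/new-truststore.pem"
  # Chain file: leaf first, then the issuing CA (what a "full chain" paste would contain).
  cat "$WORK/server.crt" "$WORK/ca.crt" > "$WORK/chain.pem"
}

# Exit status 0 if the certificate chains to a CA in the given truststore, non-zero otherwise.
verify_against() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Number of PEM certificates in a file (2 for leaf + CA).
count_certs() {
  grep -c 'BEGIN CERTIFICATE' "$1"
}

make_pki

if verify_against "$WORK/old-truststore.pem" "$WORK/server.crt"; then
  echo "old truststore: verified (unexpected)"
else
  echo "old truststore: chain could not be established (the CA is missing)"
fi

if verify_against "$WORK/new-truststore.pem" "$WORK/server.crt"; then
  echo "new truststore: verified"
else
  echo "new truststore: verification failed (unexpected)"
fi

echo "chain.pem contains $(count_certs "$WORK/chain.pem") certificates"
```

The first verification fails the way Wildfire's import does when the issuing CA is absent from the truststore; adding the CA (the "new" truststore) is what makes the same certificate acceptable. The chain file shows the order a server normally presents: leaf first, followed by the CA certificates up to the root.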

Hey David,

Your reply is just perfect. I think that Stuart forgot step 1.5 which is “restore truststore bundled in new Wildfire”.

Let us know if you are still having this issue.

Regards,

– Gato

Ah - that's why the steps I documented worked on my dev Wildfire box but not on my live Wildfire box…

Have added step 1.5 to original post in case anyone else is having the same problem.

Thanks guys,

Stuart

Message was edited by: stuartbain

You guys are my heroes. Thank you so much!