Ssl woes

Greetings,

I am having trouble installing a signed SSL certificate. I have read through numerous threads, and still am stuck. Here’s what I’ve tried.

1 - Generated a CSR in Openfire, and sent that to a CA (Globalsign) to have signed. Pasting the reply in the web admin form doesn’t seem to do anything when I click save. I’ve tried pasting my certificate in both PEM and PKCS7 formats. The PKCS7 format included the root certs. I’ve added the Globalsign root certs to the truststore as well.

2 - Tried installing my own certificate that was signed by a CA (also Globalsign.) I can’t seem to install this cert using the web admin panel, but I can do so using the keytool command. After restarting the openfire service I can see my cert, but it says “pending verification”. I’ve also added the Globalsign root certs to the truststore.

Any help is appreciated. Thanks!

Solution:

My PEM file was incorrectly formatted. It must contain the prmary, intermediate, and finally root certificates in that order. Clicking save says “CA signed”, and SSL is working after a restart of the service.