Support In-house Certificate Authority

We have our own CA that we use to sign certs internally. I cannot get Openfire to honor it. The only thing I know to do is add it to a keystore and use the -Djavax.net.ssl.keyStore -Djavax.net.ssl.keyStorePassword options at start time.

I’ve done this, but when I paste my key/cert into /import-certificate.jsp I get “There was an error one importing private key and signed certificate. Error message: Failed to establish chain from reply”.

I (incorrectly?) interpret this to mean that Openfire is not reading/including my CA.

What do I need to do in order to get Openfire to honour our CA?

-mburr

http://community.igniterealtime.org/message/151010#151010 Looks promising, but I don’t know/don’t want to reset the passphrase for truststore

(egregious self-bump)

This doesn’t seem like that far-out of a request. Even commercial CAs need to be imported by hand now and then. How is this handled?

Or: what are the passwords (if any) for /resources/security/* ?

Success: the password is “changeme”