"There was an error one importing private key and signed certificate." SOLUTION

I was having trouble updating the SSL certificate in OpenFire. Found a stupid trick to make it work. Please use the following steps to fix this error.

Please follow the steps below to update/install an SSL certificate from GoDaddy into OpenFire. It has been working as of version 3.9.3.

Before doing the update, please back up the folder /apps/opernfire/resources/security. The following procedure touches one or two files in that location. If you just want to back up files, back up /apps/opernfire/resources/security/keystore and /apps/opernfire/resources/security/truststore.

  • Make sure that port 9090 (unsecure admin console) is open in the server firewall. If not, ask the server admin to open the port.

  • Visit http://CHAT-SERVER:9090 (make sure it is http) and log in using username/password.

  • Go to Server Settings -> Server certificates and click on “Import”. You will get the page with heading “Import Signed Certificate”.

  • Now enter the fields as below:

    • Pass Phrase used for creating Private Key: KEY
      If you don’t use any pass phrase, still enter something like “ABC” or “KEY” or something else. Just don’t leave this field empty.
    • Content of Private Key file: CONTENT_OF_SERVER.KEY
    • Content of Certificate file: CERT_CONTENT FOLLOWED BY GD_BUNDLE.CRT
      Note: Please make sure that gd_bundle.crt or all intermediate chain certificates are imported in the truststore. Currently GoDaddy chain certificates are imported. To import it, use the command:
      sudo keytool -import -trustcacerts -keystore truststore -alias com_godaddy_certificates -file com_godaddy_certificates.pem
  • Click “Save”. It will show you two certificates, the current one and the one which has been imported. It will also ask you to restart the http server, with a link. Click on “restart” to restart the http server.

  • Once the server has been restarted, go to Server Settings -> Server certificates and delete the old one. Once you have deleted it, it will ask you to restart the http server again. Please do so.

  • Verify the new cert from Client as well as https://CHAT-SERVER:9091.

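An added example, not part of the original post: shell pre-flight checks to run on the private key, the signed certificate and gd_bundle.crt before pasting them into the import form described above. It assumes OpenSSL is installed; the function names and the file arguments are hypothetical.

```shell
#!/usr/bin/env bash
# Pre-flight checks before pasting into Openfire's "Import Signed Certificate"
# form. Function names and the file arguments are assumptions of this example.

# True if the key file is passphrase-protected (PKCS#8 or legacy PEM header).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# True only if key and certificate carry the same public key.
# usage: key_matches_cert KEY CERT [PASSPHRASE]
key_matches_cert() {
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -passin "pass:${3:-}" -pubout 2>/dev/null)
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# True if a chain can be built from CERT to a certificate in BUNDLE
# (the bundle is treated as the trust anchor for this check).
issued_by_bundle() {
  openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Writes the certificate field: server cert first, then the bundle, with CRs
# and blank lines removed. Prints the number of certificates written.
# usage: build_cert_field CERT BUNDLE OUT
build_cert_field() {
  { cat "$1"; echo; cat "$2"; } | tr -d '\r' | grep -v '^[[:space:]]*$' > "$3"
  grep -c 'BEGIN CERTIFICATE' "$3"
}

# Runs every check, builds OUT, and says what the pass phrase field needs.
# usage: preflight KEY CERT BUNDLE OUT [PASSPHRASE]
preflight() {
  key_matches_cert "$1" "$2" "${5:-}" ||
    { echo "key does not match certificate (or wrong passphrase)" >&2; return 1; }
  issued_by_bundle "$2" "$3" ||
    { echo "certificate does not chain to the bundle" >&2; return 2; }
  openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "certificate has expired" >&2; return 3; }
  build_cert_field "$2" "$3" "$4" >/dev/null || return 4
  if key_is_encrypted "$1"; then
    echo "pass phrase field: enter the key's real passphrase"
  else
    echo "pass phrase field: key has none, enter any non-empty value"
  fi
}
```

The file written by build_cert_field is what goes into “Content of Certificate file”; none of these checks contact the Openfire server.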

I have been struggling with this all day. I even reissued my certificate and compiled the KeyStoreImport.java people recommended. I can’t believe the solution was to type gibberish in the private key password box. Thank you so much for posting this.