Trying to establish a server-to-server connection between our two Openfire servers (from servera to serverb).
Notes:
- Port 5269 is open between the two servers
- Server to Server service enabled on both servers (Server -> Server Settings -> Server to Server)
- Server names resolvable via DNS
- Server Connection Security set to OPTIONAL on both servers
Below are the entries generated from the debug log viewer when trying to establish a connection from a user in servera to another user in serverb. The issue appears to be related to TLS, but this is strange since the Server Connection Security value is set to OPTIONAL.
2014.02.04 16:55:10 000785 (01/05/00) - Connection #66 tested: OK
2014.02.04 16:55:10 000786 (01/05/00) - Connection #66 tested: OK
2014.02.04 16:55:10 000786 (01/05/00) - Connection #62 tested: OK
2014.02.04 16:55:10 000787 (01/05/00) - Connection #62 tested: OK
2014.02.04 16:55:22 000787 (01/05/00) - Connection #63 tested: OK
2014.02.04 16:55:22 000788 (01/05/00) - Connection #63 tested: OK
2014.02.04 16:55:24 LocalOutgoingServerSession: OS - Trying to connect to serverb:5269(DNS lookup: serverb:5269)
2014.02.04 16:55:24 LocalOutgoingServerSession: OS - Plain connection to serverb:5269 successful
2014.02.04 16:55:24 LocalOutgoingServerSession: OS - Indicating we want TLS to serverb
2014.02.04 16:55:24 LocalOutgoingServerSession: OS - Negotiating TLS with serverb
2014.02.04 16:55:24 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: serverb(DNS lookup: serverb:5269)
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:480)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1092)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:266)
at org.jivesoftware.openfire.net.TLSStreamHandler.start(TLSStreamHandler.java:160)
at org.jivesoftware.openfire.net.SocketConnection.startTLS(SocketConnection.java:169)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.secureAndAuthenticate(LocalOutgoingServerSession.java:391)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.createOutgoingSession(LocalOutgoingServerSession.java:305)
at org.jivesoftware.openfire.session.LocalOutgoingServerSession.authenticateDomain(LocalOutgoingServerSession.java:144)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.sendPacket(OutgoingSessionPromise.java:239)
at org.jivesoftware.openfire.server.OutgoingSessionPromise$PacketsProcessor.run(OutgoingSessionPromise.java:216)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1490)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:243)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:533)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:952)
at org.jivesoftware.openfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:317)
at org.jivesoftware.openfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:227)
… 10 more
Caused by: java.security.cert.CertificateException: root certificate not trusted of [*.serverb]
at org.jivesoftware.openfire.net.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:143)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
… 17 more
2014.02.04 16:55:24 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: serverb
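Added example, not part of the original post and not Openfire code: a small triage script for a debug log like the one above. For each failed outgoing TLS handshake it walks the "Caused by" chain to the innermost exception and records whether the session then fell back to server dialback. The function name `triage` and the sample text (abridged from the lines quoted above) are assumptions made for the illustration.

```python
import re

# Constructed sample, abridged from the debug log quoted in the post.
SAMPLE_LOG = """\
2014.02.04 16:55:24 LocalOutgoingServerSession: OS - Negotiating TLS with serverb
2014.02.04 16:55:24 LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: serverb(DNS lookup: serverb:5269)
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
Caused by: java.security.cert.CertificateException: root certificate not trusted of [*.serverb]
at org.jivesoftware.openfire.net.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:143)
2014.02.04 16:55:24 LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: serverb
"""

HANDSHAKE_ERR = re.compile(
    r"Handshake error while creating secured outgoing session to remote server: (\S+?)\(")
# Matches both the top-level exception line and each "Caused by:" line.
EXCEPTION = re.compile(r"^\s*(?:Caused by: )?([\w.$]+(?:Exception|Error))(?:: (.*))?$")
DIALBACK = re.compile(r"Going to try connecting using server dialback with: (\S+)")


def triage(log_text):
    """Return one finding per failed outgoing S2S TLS handshake."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = HANDSHAKE_ERR.search(line)
        if m:
            current = {"host": m.group(1), "root_cause": None,
                       "detail": None, "dialback_fallback": False}
            findings.append(current)
            continue
        if current is None:
            continue  # not inside a handshake failure record
        m = EXCEPTION.match(line)
        if m:
            # Later lines are deeper in the cause chain, so the last one wins.
            current["root_cause"], current["detail"] = m.group(1), m.group(2)
            continue
        m = DIALBACK.search(line)
        if m and m.group(1) == current["host"]:
            current["dialback_fallback"] = True
            current = None  # record complete
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```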