Fresh install of Openfire 4.1.6 and Spark 2.8.3 on Windows systems, using Windows CA to generate RSA certificate. My XMPP domain name, server hostname, and Spark domain are all the FQDN of the server (server.mydomain.com). I imported my root certificate into the Trust store, and generated a CSR and inserted the certificate in the Identity store, all within the GUI. Under identity certificate store it shows the CA signed RSA certificate. Using IE, I am able to connect to https://server.mydomain.com:9091 and the certificate is fully trusted by IE, telling me the certificate is valid and trusted. When I attempt to connect using Spark, I get “Unable to verify certificate”. I can check the box to ‘accept all certificates’, but I need to have a trusted certificate that works correctly (from a security standpoint). I have spent several hours reading forums without Any ideas on what I am missing? Thank you so much for any assistance!
Spark is a Java application and uses Java’s keystore, not the Windows one. So you have to import your cert into Spark’s Java keystore. But Spark 2.8.3 doesn’t support that. So “Accept all certificates” is your only option. There might be an option to do that with 2.9.0, which is not released yet. A similar issue was discussed here: Openfire - Spark unable to verify certificate
You can import the root CA into the Java keystore used by Spark. Here is an example of the command. Adjust your paths accordingly:
"C:\Program Files (x86)\Java\jre1.8.0_45\bin\keytool" -importcert -keystore "C:\Program Files (x86)\Java\jre1.8.0_45\lib\security\cacerts" -storepass changeit -file ROOTCA.cer -noprompt
Thank you for this info, but importing the root CA into the local Java keystore did not make a difference. (Spark v2.8.3).
You have to import it into whichever Java store Spark is using. If you are using Spark with the bundled JRE, then you would import it into c:\program files\spark\jre\lib\security\cacerts (or something like that).
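
Added example, not part of any post in this thread: a PowerShell check that finds every Java `cacerts` store under the given folders and reports whether the root CA from `ROOTCA.cer` is present in each, which shows whether an import reached the JRE that Spark actually runs on. The search folders, the certificate file name and the `changeit` password are assumptions to adjust.

```powershell
# Added example (not from the thread): which Java trust stores hold the root CA?
param(
    [string]$RootCaFile    = '.\ROOTCA.cer',   # placeholder file name, as in the thread
    [string[]]$SearchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),  # assumed locations
    [string]$StorePass     = 'changeit'        # default cacerts password
)

# Fingerprints of the CA certificate, as hex without separators.
$caPath = (Resolve-Path $RootCaFile).Path
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $caPath
$sha1   = $cert.Thumbprint
$hasher = [System.Security.Cryptography.SHA256]::Create()
$sha256 = [BitConverter]::ToString($hasher.ComputeHash($cert.RawData)) -replace '-', ''

# Every <jre>\lib\security\cacerts below the search roots, bundled JREs included.
$roots = $SearchRoots | Where-Object { $_ -and (Test-Path $_) }
if (-not $roots) { throw 'None of the search roots exist.' }
$stores = Get-ChildItem -Path $roots -Recurse -Filter cacerts -File -ErrorAction SilentlyContinue |
    Where-Object { $_.DirectoryName -like '*\lib\security' }

# keytool can read any of these stores, so one copy is enough;
# a bundled JRE may not ship its own keytool.exe.
$keytool = $stores | ForEach-Object {
        Join-Path (Split-Path (Split-Path $_.DirectoryName)) 'bin\keytool.exe'
    } | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keytool) { throw 'No keytool.exe found next to any cacerts store.' }

foreach ($store in $stores) {
    # Verbose listing prints SHA1/SHA256 fingerprints as colon-separated hex.
    $listing = (& $keytool -list -v -keystore $store.FullName -storepass $StorePass 2>$null) -join "`n"
    $hex     = $listing -replace ':', ''
    [pscustomobject]@{
        Store     = $store.FullName
        HasRootCa = $hex.Contains($sha1) -or $hex.Contains($sha256)
    }
}
```

A store that reports `HasRootCa = False` has not received the import; the script only reads the stores and changes nothing.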