powered by Jive Software

Usability bug in security settings


sorry, ugly English…

I install and play with openfire.

One of first I change connection security in security settings from optional to required. Openfire has no certificate, and clients cant connect. Silently…

Openfire console cant alert me about certificate is required, and don`t disable required option.

I`m think is a usability bug. Alert and/or disable required option without certificate is a solution.

By default openfire should create self signed certificates. These should be able to be used for SSL. You can optionally install your own certificate. This is not a bug as the server should create the self signed certificates when it is installed and configured.

hmm… my installation without any certificate. a make self signed manually. maybe is a setup bug?

but i can remove default certificate, then change security settings. imho alert must be.

Actually if you remove the self sign certs the main configuration page for the server does alert you to a configuration error that must be fixed.

“are you sure you want to delete” is no alert about connection security

after remove certificate connection security anyway “required” and clients cant connect.

I meant that on the main Server Information page of the admin console there will be an error notice that you are missing or have invalid certs. I agree it could probably be more proactive if you have the settings to required but it does tell you on the server info page that there is an error with your configuration.