This worked for me: http://forum.startcom.org/viewtopic.php?p=5814&sid=154fd2aed9609c4e6ba2c4598433d 8e5#p5814
For OpenFire users on Unix/Linux, these are the instructions I spent about 5 hours trying to find out.
1 Open terminal.
2 Go into the root user. (sudo -s/su)
3 change your directory to /resources/security/ (cd /usr/local/openfire/resources/security/)
4 Download http://www.startssl.com/certs/ca.crt and http://www.startssl.com/certs/sub.class1.server.ca.crt and place them some were it is easy to access, I put mine in the root of my hard drive.
5 Run these commands in your terminal session
keytool -import -keystore truststore -trustcacerts -alias startcom.ca -file /ca.crt
keytool -import -keystore truststore -alias startcom.ca.sub -file /sub.class1.server.ca.crt
6 Restart your openfire server, on mac you go into the system preferences and choose the openfire panel.
7 Visit your servers control panel, http://localhost:9090/, and go into the server settings tab and the Server Certificates menu.
8 Delete the self signed certificates.
9 Click on the import link.
10 Place your key’s password, key, and certificate in the right fields and your done.
Note: it may say “One or more certificates are missing. Click here to generate self-signed certificates or here to import a signed certificate and its private key.” Just ignore that, it’ll still work.
Hope this helps someone else, and also me when I need to go through this again.
There were a few additional things I had to do, however.
If you get an error between Steps 7 and 8, or 8 and 9, do the following:
- Log into your server
- Go to the Server Manager
- Go to Server Properties
Add the following:
Once you add those, restart your server. Then go do steps 6+. Once it is able to locate the proper repository/permissions, it will allow you to delete the temp keys, and import your own.
DO NOT import the unencrypted key. Enter your passphrase that StarCom made you enter when encrypting your key. Then paste in the ENCRYPTED key, and your ssl.crt certificate. Once you do that, you can press submit, and all should be fine.