Using certificates generated with openssl

Hello,

I created a cert req/key pair with openssl and got it signed by a CA.

Now I’d like to import these for Wildfire. However, I had no success with just importing the cert.

Do I need to import the key as well? How do I do this?

Mario

Hey Mario,

You will need to convert the OpenSSL certificate to be accepted by Java. Follow these 2 links to learn how to do that:

OpenSSL to Keytool Conversion tips

Using openssl & keytool

I know that the PKCS12Import (Jetty HTTP Server API) option of the first link has been successfully used.

Regards,

– Gato

I just went through this myself…

The easiest way to do this is to get KeyMan from IBM Alphaworks.

http://www.alphaworks.ibm.com/tech/keyman

With KeyMan you can take keys and certs generated by openssl and create a java jks type keystore. You can then go to System Properties and update/create the xmpp.socket.ssl.keystore property to the path of the keystore you just created.

Alternatively, you can use “openssl pkcs12” to convert your cert/key to a pkcs12 format which Wildfire (and most other Java apps) can use. You’ll then have to set the xmpp.socket.ssl.storeType property to “pkcs12”. The openssl docs have examples. You can also look at the Tomcat docs: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

george

Message was edited by: gtj
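The "openssl pkcs12" route from the last reply, as an added example that is not part of the original thread: it checks that the private key actually belongs to the signed certificate before bundling both into a PKCS#12 keystore, then verifies the result. The file names, the alias `wildfire`, the passphrase and the throwaway self-signed pair (standing in for the CA-signed certificate) are constructed assumptions.

```shell
#!/bin/sh
# Added example: bundle an OpenSSL key + signed cert into a PKCS#12 keystore.
# File names, alias and passphrase are constructed sample values.

# Succeeds only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_pkcs12 KEY CERT OUT ALIAS; the passphrase is read from the exported
# variable P12_PASS so it never shows up in the process list
# (unlike -passout pass:...).
make_pkcs12() {
    [ -n "$P12_PASS" ] || { echo "P12_PASS not set" >&2; return 2; }
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
    ( umask 077   # the keystore contains the private key: owner-only file
      openssl pkcs12 -export -inkey "$1" -in "$2" -name "$4" \
          -out "$3" -passout env:P12_PASS ) || return 1
}

# Succeeds if the keystore parses and its MAC verifies with P12_PASS.
verify_pkcs12() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -noout 2>/dev/null
}

# Constructed sample input: a throwaway self-signed key/cert pair.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=xmpp.example.test" -keyout "$1" -out "$2" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    P12_PASS="constructed-sample-passphrase"; export P12_PASS
    make_sample_pair "$d/server.key" "$d/server.crt" &&
    make_pkcs12 "$d/server.key" "$d/server.crt" "$d/keystore.p12" wildfire &&
    verify_pkcs12 "$d/keystore.p12" && echo "keystore OK: $d/keystore.p12"
}
demo
```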