powered by Jive Software

Using tls in smack 4.3.4

Does anyone know how to configure tls in smack 4.3.4 ?. I’m using Openfire as a server.

What problem are you facing?

Hi, in reality I am not sure how to configure the smack and the server. I saw something about keyStore in some discussion forums but I didn’t understand it well and some are from very old versions. I would like to know how to use the certificate in smack and configure everything. Unfortunately the documentation provided by smack is small and incomplete. I’m noob :slightly_smiling_face:

Can you post your code?

Also see: https://download.igniterealtime.org/smack/docs/latest/documentation/

XMPPTCPConnectionConfiguration.Builder configBuilder = XMPPTCPConnectionConfiguration.builder();
configBuilder.setUsernameAndPassword("server1", "server1");
configBuilder.setXmppDomain("eduardo");
configBuilder.setHost("localhost");
configBuilder.setSecurityMode(XMPPTCPConnectionConfiguration.SecurityMode.disabled);
configBuilder.setPort(5222);
AbstractXMPPConnection connection = new XMPPTCPConnection(configBuilder.build());
connection.connect();
connection.login();

There is the configuration part. Security is disabled for now

Why would you disable security???
OP is asking how to enable it! (Smack enables security by default, so if you have a valid certificate on your server you are good to go out of the box!)

Also you don’t have to specify the port manually, as Smack uses 5222 by default.

Exception in thread "main" org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Great, now you’re asking for the certificate. So, there is no need to configure anything else in smack?. Is it only necessary to assign the certificate on the server? Do you have any idea how you do it in openfire or ejjaberd?

https://bfy.tw/OqPu

1 Like

Great idea :rofl: :rofl: :rofl:

One of the simple way is to use Let us Encrypt, if you do not have a certificate bought from CA