Finally got an SSL certificate thru a 3rd party CA applied on my Openfire server (with Windows). I am now looking to verify that the SSL certificate is actively securing the connections to the server (messages and credentials).
Can anyone suggest how I can verify that the communications are secure between clients and the server?
Here is what I have done so far.
- Ports 5222 and 5223 are open to the server thru the firewall. I can successfully connect over port 5222 when remote.
- I have opened port 9091 for external use and can successfully connect to HTTPS://DNS_Server_Name:9091. This indicates that the SSL Cert is working correctly when accessing the admin console.
- I have selected “Required - Clients can only connect to the server using secured connections.” and “Required - Connections between servers always use secured connections.”
Results and my questions from these changes -
- Spark continues to connect as normal to the server, however when I edit the settings to connect on port 5223 I get the error “Invalid User Name or Password”. If I select 5223 and ‘Use old SSL Port Method’ Spark connects. This verifies the SSL Connection works fine internally.
- Why, when secured connections are Required, is Spark allowed to connect over port 5222?
- When connecting over my BlackBerry (using vyosphere) I am able to connect over port 5222. When changing to 5223, the connection errors out… Doesn't make any sense…
So after all of this, I am looking for ways to force secure connections between clients and Openfire. I am confused by some of my tests - why people can still connect over port 5222 when secure connections are required and basic verification that the SSL cert is encrypting our connections.
Thanks for any thoughts or ideas!
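
Added example, not part of the original post: on the standard XMPP client port 5222 a connection opens in plaintext and is upgraded with STARTTLS (RFC 6120), while the "old SSL" method on 5223 begins with the TLS handshake, so a connection on 5222 is not by itself a sign of an unencrypted session. This Python sketch checks both from the client side; the `host` and `domain` arguments and the sample replies are assumptions constructed for illustration.

```python
import re
import socket
import ssl

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
STREAM_OPEN = ("<?xml version='1.0'?><stream:stream to='{domain}' version='1.0' "
               "xmlns='jabber:client' "
               "xmlns:stream='http://etherx.jabber.org/streams'>")

def classify_features(xml_text):
    """Summarise what a pre-TLS <stream:features/> reply lets a client do."""
    m = re.search(r"<starttls\b[^>]*xmlns=['\"]" + re.escape(TLS_NS) +
                  r"['\"][^>]*?(?:/>|>(.*?)</starttls>)", xml_text, re.S)
    if not m:
        starttls = "absent"
    elif m.group(1) and "<required" in m.group(1):
        starttls = "required"
    else:
        starttls = "optional"
    # SASL mechanisms listed before TLS mean a client may log in unencrypted.
    return {"starttls": starttls, "auth_before_tls": "<mechanisms" in xml_text}

def probe_starttls(host, domain, port=5222, timeout=5):
    """Open a plain stream on the client port and classify the features."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(STREAM_OPEN.format(domain=domain).encode())
        buf = b""
        while b"</stream:features>" not in buf and len(buf) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    return classify_features(buf.decode("utf-8", "replace"))

def probe_direct_tls(host, port=5223, timeout=5):
    """Handshake on the old SSL port; raises ssl.SSLError if the cert fails."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()["notAfter"]

# Constructed sample replies (not captured from a real server).
SAMPLE_REQUIRED = ("<stream:features><starttls xmlns='" + TLS_NS +
                   "'><required/></starttls></stream:features>")
SAMPLE_OPTIONAL = ("<stream:features><starttls xmlns='" + TLS_NS + "'/>"
                   "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
                   "<mechanism>PLAIN</mechanism></mechanisms></stream:features>")
```

Run `probe_starttls` and `probe_direct_tls` against the server's public DNS name from outside the firewall. A result of `starttls: required` with `auth_before_tls: False` means the server offers no login on 5222 until the stream has been encrypted.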