Verify SSL is working - please help

Finally got an SSL certificate thru a 3rd party CA applied on my Openfire server (with Windows). I am now looking to verify that the SSL certificate is actively securing the connections to the server (messages and credentials).

Can anyone suggest how I can verify that the communications are secure between clients and the server?

Here is what I have done so far.

  1. Ports 5222 and 5223 are open to the server thru the firewall. I can successfully connect over port 5222 when remote.

  2. I have opened port 9091 for external use and can successfully connect to HTTPS://DNS_Server_Name:9091. This indicates that the SSL Cert is working correctly when accessing the admin console.

  3. I have selected “Required - Clients can only connect to the server using secured connections.” and “Required - Connections between servers always use secured connections.”

Results and my questions from these changes -

  1. Spark continues to connect as normal to the server, however when I edit the settings to connect on port 5223 i get the error “Invalid User Name or Password”. If I select 5223 and ‘Use old SSL Port Method’ Spark connects. This verifies the SSL Connection works fine internally.

  2. Why, when secured connections are Required, is Spark allowed to connect over port 5222?

  3. When connecting over my blackberry (using vyosphere) I am able to connect over port 5222. When changing to 5223, the connection errors out… Doesnt make any sense…

So after all of this, I am looking for ways to force secure connections between clients and openfire. I am confused by some of my tests - why people can still connect over port 5222 when secure connections are required and basic verification that the SSL cert is encrypting our connections.

Thanks for any thoughts or ideas!