Verisign SSL certificates openfire SAN

Hi all, we’ve been using openfire at my organization for some time now always with self signed certs. I recently placed an order for an SSL cert for one of my web servers and added as a SAN the url of this openfire server. I see a tremendous amount of struggling to get this stuff to work with openfire on the forums, but we would like to get away from self signed certs now that we are opening up our IM system to people outside the building.

I am not naive enough to think I can pull this off on my own and the ssl help page really doesn’t provide enough information for this to work or there wouldn’t be so many posts with unresolved/improperly working ssl certs on others openfire servers. Additionally I am no SSL expert so I am reaching out for help. I think my first step / issue is getting a correct CSR generated from openfire. Currently the CSR that shows a status of “signing request” under host alias shows the name of my server, not the address that the SAN has published. My guess is I need to address that before I get a proper SAN.

How do I change that and what are my next steps after submitting the CSR to verisign?


After redoing my install I have CSR’s for my url now, I’ve sent the CSR to verisign/symantec. Advice on what to do when I get it back? I hear trouble abounds with intermediate and root CA.