Hi folks,
I’ve installed OF 3.9.3 on Ubuntu 14.04.1 x64, Sun Java 1.8.0_31 64-bit, and am using Pidgin 2.10.9 on Ubuntu as a client.
I imported our wildcard SSL certificate into the server (Server certificates). I have also configured the server so that ports 5222 (SSL) and 5223 (SSL) are both SSL enabled (Server Ports). I entered my domain when installing (despite it asking in the Help ? for a server name. I tried the FQDN but that made my certificate bork, so I re-installed), so now the hostname is in Host Name and the Server Name is my domain (Server Properties). The install was a bit confusing, I thought. Moving on… The log file (info.log) shows this:
2015.02.17 22:05:01 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started SSL (encrypted) socket on port: 5222
2015.02.17 22:05:01 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started SSL (encrypted) socket on port: 5223
2015.02.17 22:05:07 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:
http://<DOMAIN-NAME>:9090
https://<DOMAIN-NAME>:9091
2015.02.17 22:07:34 org.jivesoftware.openfire.nio.ConnectionHandler - ConnectionHandler reports IOException for session: (SOCKET, R: /10.2.16.33:43339, L: /:5222, S: ./:5222)
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
When I go to:
https://.:9091
I get “This web page is not available” message.
In the warn.log, there is this message:
org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console: Using RSA certificates but they are not valid for the hosted domain
Yet when looking at the Server certificates, there is a valid wildcard certificate there. So what’s up with that?
I’ve restarted the server, I’ve imported our public key (associated with this wildcard certificate) into the Certificates on Pidgin and still I get an SSL Handshake error and I cannot get to the SSL port on the OF web server. I have not updated the SRV records for the domain yet because I have a production server (a much older version of OF) running on that server. We have, in the past, used self-signed certificates, but I would like to use our wildcard now that we’re doing this upgrade.
Any help would be welcome. If there is more information that’s needed I would be more than willing to give it.
Hamish