Wildcard certificate, SSL Handshake error on client

Hi folks,

I’ve installed OF 3.9.3 on Ubuntu 14.04.1 x64, Sun Java 1.8.0_31 64-bit, and am using Pidgin 2.10.9 on Ubuntu as a client.

I imported our wildcard SSL certificate into the server (Server certificates). I have also configured the server so that ports 5222 (SSL) and 5223 (SSL) are both SSL enabled (Server Ports). I entered my domain when installing (despite it asking in the Help ? for a server name. I tried the FQDN but that made my certificate bork so I re-installed), so now the hostname is in Host Name and the Server Name is my domain (Server Properties). The install was a bit confusing I thought. Moving on… The log file (info.log) shows this:

2015.02.17 22:05:01 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started SSL (encrypted) socket on port: 5222

2015.02.17 22:05:01 org.jivesoftware.openfire.spi.ConnectionManagerImpl - Started SSL (encrypted) socket on port: 5223

2015.02.17 22:05:07 org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console listening at:



2015.02.17 22:07:34 org.jivesoftware.openfire.nio.ConnectionHandler - ConnectionHandler reports IOException for session: (SOCKET, R: /, L: /:5222, S: ./:5222)

javax.net.ssl.SSLHandshakeException: SSL handshake failed.

When I go to:


I get “This web page is not available” message.

In the warn.log, there is this message:

org.jivesoftware.openfire.container.AdminConsolePlugin - Admin console: Using RSA certificates but they are not valid for the hosted domain

Yet when looking at the Server certificates, there is a valid wildcard certificate there. So what’s up with that?

I’ve restarted the server, I’ve imported our public key (associated with this wildcard certificate) into the Certificates on Pidgin and still I get an SSL Handshake error and I cannot get to the SSL port on the OF web server. I have not updated the SRV records for the domain yet because I have a production server (a much older version of OF) running on that server. We have, in the past, used self-signed certificates, but I would like to use our wildcard now that we’re doing this upgrade.

Any help would be welcome. If there is more information that’s needed I would be more than willing to give it.
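
Added example, not part of the original post and not Openfire's own code: a check of which server names a wildcard certificate covers, relevant to the "not valid for the hosted domain" warning quoted above. It assumes RFC 6125 style matching (a general rule, not confirmed here as the check Openfire performs); `example.com`, `chat.example.com` and all function names are constructed placeholders.

```python
# Added example: RFC 6125 style name matching for a wildcard certificate.
# All names below are constructed placeholders, not values from the post.

def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Return True if a certificate dNSName pattern covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False          # a wildcard never spans or removes labels
    if p[0] == "*":
        # Whole left-most label wildcard only, and require at least two
        # fixed labels so "*.com" is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False          # partial or non-left-most wildcards rejected
    return p == h

def covered(cert_names, hostname):
    """Check a hostname against every dNSName in the certificate."""
    return any(name_matches(n, hostname) for n in cert_names)

def report(cert_names, candidates):
    """Map each candidate server name to whether the certificate covers it."""
    return {c: covered(cert_names, c) for c in candidates}

# Constructed sample: a wildcard-only certificate versus one that also
# lists the bare domain as a second subjectAltName entry.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
CANDIDATES = ["example.com", "chat.example.com", "a.chat.example.com"]

if __name__ == "__main__":
    for label, names in (("wildcard only", WILDCARD_ONLY),
                         ("wildcard + apex", WILDCARD_PLUS_APEX)):
        for host, ok in report(names, CANDIDATES).items():
            print(f"{label:16} {host:22} {'covered' if ok else 'NOT covered'}")
```

Feed it the subjectAltName entries read from the imported certificate and the values shown under Server Name and Host Name to see which of the two the certificate covers.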