Wildcard certs and Wildfire 3.2? General SSL weirdness!


After upgrading to Wildfire 3.2, I’ve been unable to get SSL working. The port simply does not respond. I have imported my certificate into the keystore in the same way I did before (using a small Java app to import a pre-signed cert). I even tried using my old keystore file.

Something has changed. At the top of the Server Certificates page I see “One or more certificates are missing. Click here to generate self-signed certificates.”. I do see my wildfire cert listed on the page…

  1.    *.zappos.com (chat.zappos.com)        Sep 6, 2008       (The certificate is not yet signed by a Certificate Authority. A signing request should be sent to the Certificate Authority so that it can be signed by the CA. The CA will return a new certificate once it has been approved and signed. The returned certificate will need to be imported into Wildfire.)        Pending Verification        RSA

But it seems to think it’s invalid. Obviously it’s already been signed by the CA (GeoTrust, in this case), and is ready to use - but Wildfire thinks it’s not, and wants me to get it signed before it’ll use it.

If I add the two self-signed certs, SSL will magically work -> it’ll even use my cert… but under load the SSL service degrades to the point of being unusable. Throughout all this, processor load hardly goes up at all, while the SSL page never - ever - loads. As soon as the load is gone, SSL works fine again.

SSL is a requirement for my chat project. We are trying to get a click-to-chat application going ASAP. We like Wildfire. But we need SSL support. This is one of the problems that are keeping us from buying the licenses (and I think the other one should have been fixed by moving from 3.1.1 to 3.2.0 according to Gato and Derek). Any tips on how to make this work would be most appreciated.

Message was edited by: mruno