I am using Openfire 3.6.0. I just purchased a wildcard SSL certificate *.domain-name.com. In Openfire our server name is im.domain-name.com. I went to Server >> Server Settings >> Server Certificate and clicked on Import.
I typed in the passphrase, the Content of Private Key file and the Content of Certificate file. I copied the content from Plesk, where the certificate was originally created. The status says “CA signed”. But when I go to the Server page, beside the Server Name it shows a ! icon with “Found RSA certificate that is not valid for the server domain”.
I wouldn’t care about that warning when using wildcard certs. I’m almost certain that the logic in that page is not considering that type of cert. Have you tested it with a client and using server-2-server? If that worked then you are good, and also let me know so we can fix that page. BTW, make sure to use an XMPP certificate and not a regular certificate for web sites. XMPP certs are much like regular web certs, but they also have special extensions for XMPP information. I’m not sure how many clients are using those extensions though.
Client testing: Test logging in from the list of supported clients you will use and check that none of them is complaining about the certificates. You can also check from the admin console in the session summary page if they are all using a lock.
S2S testing: disable server-dialback and make TLS required. Test if remote servers can connect to your server.
On another server we have a single SSL cert installed on Openfire 3.5.1, and through the browser I can connect to https://server-name.com:9091 and log on securely.
With the new server having Openfire 3.6.0 and the wildcard SSL cert, I cannot log in at https://im.server-name.com:9091. Before installing the wildcard cert I could.
2/ Spark client is not logging in when the server name or IP address.
A test I did: deleted my wildcard CA-signed SSL cert, restarted httpd, created a self-signed cert. I can log on with the Spark client and through the browser for the Openfire admin CP using https://im.server-name.com. Yes, my browser complains about the cert.
There is something with installing wildcard ssl certificates.
Here is what I am seeing.
With the self-signed cert it is *.im.server-name.com. That is so our XMPP address is username@im.server-name.com. The * is before .im.server-name.com. Our wildcard cert is *.server-name.com. As soon as we put our CSR into our self-signed cert, the problems occur.
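
An added example, not part of the thread and not Openfire's own validation code: a sketch of the left-most-label wildcard rule from RFC 6125, applied to the certificate names and server names quoted above, to show which name each wildcard actually covers. Assumptions: that the connecting clients and peer servers apply this rule, and the `conference` subdomain label, which is constructed for illustration.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: '*' is accepted only as the complete
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Same number of labels, no empty labels on either side.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    # Wildcards anywhere else (or partial labels like 'i*') are rejected.
    if "*" in pattern:
        return False
    return p == h


def covering_names(cert_names, xmpp_domain):
    """Return the certificate names that cover the given XMPP domain."""
    return [n for n in cert_names if wildcard_matches(n, xmpp_domain)]


if __name__ == "__main__":
    # Names taken from the thread; 'conference.' is a constructed label.
    certs = ["*.server-name.com", "*.im.server-name.com"]
    hosts = [
        "im.server-name.com",
        "server-name.com",
        "conference.im.server-name.com",
    ]
    for host in hosts:
        covered = covering_names(certs, host) or ["(no match)"]
        print(f"{host:32} <- {', '.join(covered)}")
```

Under this rule `*.server-name.com` covers `im.server-name.com`, while `*.im.server-name.com` covers only names one label below it and not `im.server-name.com` itself.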