Wildcard SSL Certificate installation

I am using Openfire 3.6.0. I just purchased a wildcard SSL certificate, *.domain-name.com. In Openfire our server name is im.domain-name.com. I went to Server >> Server Settings >> Server Certificate and clicked on Import.

I typed in the passphrase, Content of Private Key file and Content of Certificate file. I copied the content from Plesk, where the certificate was originally created. The status says “CA signed”. But when I go to the Server page, beside the Server Name it shows a ! icon with “Found RSA certificate that is not valid for the server domain”.

Please advise.

Do I have to do anything with keytool and java?

Love to hear how you successfully installed a wildcard SSL cert in Openfire 3.6.0.

Hey hosdes,

I wouldn’t care about that warning when using wildcard certs. I’m almost certain that the logic in that page is not considering that type of cert. Have you tested it with a client and using server-2-server? If that worked then you are good, and also let me know so we can fix that page. BTW, make sure to use an XMPP certificate and not a regular certificate for web sites. XMPP certs are much like regular web certs, but they also have special extensions for XMPP information. I’m not sure how many clients are using those extensions though.

Regards,

– Gato

I did not know there was a difference in SSL certs. I bought my wildcard certificate through RapidSSL. Is it a different cert I have to buy or install?

Hey hosdes,

Give it a try and see if it fulfills your needs. If not you can get XMPP certs for free from here.

Regards,

– Gato

Are the client and S2S connecting to the same Openfire? This is your question in the above posting for testing purposes.

Client testing: Test logging in from the list of supported clients you will use and see if none of them is complaining about the certificates. You can also check from the admin console in the session summary page if they are all using a lock.

S2S testing: disable server-dialback and make TLS required. Test if remote servers can connect to your server.

Thanks,

– Gato

1/

On another server we have a single SSL cert installed on Openfire 3.5.1, and through the browser I can connect to https://server-name.com:9091 and log on securely.

With the new server having Openfire 3.6.0 and the wildcard SSL cert, I cannot log in to https://im.server-name.com:9091. Before installing the wildcard cert I could.

2/ The Spark client is not logging in when using the server name or IP address.

A test I did: deleted my wildcard CA-signed SSL cert, restarted httpd, created a self-signed cert. I can log on with the Spark client and through the browser for the Openfire admin cp using https://im.server-name.com. Yes, my browser complains about the cert.

There is something with installing wildcard ssl certificates.

Here is what I am seeing.

With self-signed it is *.im.server-name.com. That is so our XMPP address is username@im.server-name.com. The * is before .im.server-name.com. Our wildcard cert is *.server-name.com. As soon as we put our CSR into our self-signed cert, the problems occur.
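
Added example, not part of the original posts and not Openfire's own validation code: a sketch of the usual left-most-label wildcard rule (RFC 6125), applied to the certificate names mentioned in this thread and the XMPP domain im.server-name.com. The function names and the sample name lists are constructed for illustration.

```python
# Added example (not Openfire code): RFC 6125-style wildcard name matching.

def name_covers(cert_name: str, domain: str) -> bool:
    """True if a certificate name (CN or dNSName) covers `domain`."""
    pattern = cert_name.lower().rstrip(".").split(".")
    target = domain.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must match.
    if len(pattern) != len(target) or "" in pattern or "" in target:
        return False
    # Wildcards are only honoured as the complete left-most label.
    if any("*" in label for label in pattern[1:]):
        return False
    if pattern[0] == "*":
        # Conservative assumption: refuse names as broad as "*.com".
        return len(pattern) >= 3 and pattern[1:] == target[1:]
    if "*" in pattern[0]:
        return False  # partial wildcards such as "i*" are rejected here
    return pattern == target


def covering_names(cert_names, domain):
    """Return the certificate names that cover `domain`."""
    return [n for n in cert_names if name_covers(n, domain)]


# Constructed sample data based on the names mentioned in the thread.
XMPP_DOMAIN = "im.server-name.com"
SAMPLE_CERTS = {
    "purchased wildcard": ["*.server-name.com"],
    "self-signed": ["*.im.server-name.com"],
    "exact name": ["im.server-name.com"],
}


def report(domain=XMPP_DOMAIN, certs=SAMPLE_CERTS):
    """Map each sample certificate to whether it covers `domain`."""
    return {label: bool(covering_names(names, domain))
            for label, names in certs.items()}


if __name__ == "__main__":
    for label, ok in report().items():
        print(f"{label:20} covers {XMPP_DOMAIN}: {ok}")
```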

If you are using a VPS, you can do it like in this post: https://easypromocode.com/install-lets-encrypt-wildcard-ssl-free-vps-server/

Free Wildcard from Let’s Encrypt.