powered by Jive Software

Wildcard SSL Certificate installation

I am using openfire 3.6.0. I just purchased a wildcard SSL certificate *.domain-name.com. In Openfire our server name is im.domain-name.com. I went to Server >> Server Settings >> Server Certificate and click on Import.

Typed in the passphase, Content of Private Key file and Content of Certificate file. I copied the content from Plesk where the certificate was originally created. The status says “CA signed”. But when I go to Server page, beside the Server Name it shows ! icon with “Found RSA certificate that is not valid for the server domain”.

Please advice.

Do I have to do anything with keytool and java?

Love to hear who you succesfully installed a wildcard ssl cert in openfire 3.6.0.

Hey hosdes,

I wouldn’t care about that warning when using wildcard certs. I’m almost certain that the logic in that page is not considering that type of certs. Have you test it with a client and using server-2-server? If that worked then you are good and also let me know so we can fix that page. BTW, make sure to use an XMPP certificate and not a regular certificate for web sites. XMPP certs are much like regular web certs but with they also have special extensions for XMPP information. I’m not sure how many clients are using those extensions though.


– Gato

I did not know there was a different in ssl cert. I bought my wildcard certificate through rapidssl. Is it a difference cert I have to buy or install?

Hey hosdes,

Give it a try and see if it fulfills your needs. If not you can get XMPP certs for free from here.


– Gato

Is the client and s2s connecting to the same openfire? this is your question in the above posting for testing purposes.

Client testing: Test logging in from the list of supported clients you will use and see if none of them is complaining about the certificates. You can also check from the admin console in the session summary page if they are all using a lock.

S2S testing: disable server-dialback and make TLS required. Test if remote servers can connect to your server.


– Gato


On another server we have a single ssl cert installed on openfire 3.5.1 and through the browser I can connect to https://server-name.com:9091 and log on security.

With the new server having openfire 3.6.0 and wildcard ssl cert, I canno’t log in https://im.server-name.com:9091. Before installing the wildcard cert I could.

2/ spark client is not loggin in when the server name or ip address.

A test I did. Deleted my wildcard CA signed ssl cert. restarted httpd. created self-signed cert. I can log on spark client and through the browser for openfire admin cp using https://im.server-name.com. Yes my browser complains of the cert.

There is something with installing wildcard ssl certificates.

Here is what I am seeing.

with self-signed it is *.im.server-name.com. that is so our xmpp address is username@im.server-name.com. The * is before .im.server-name.com. Our wildcard cert is *.server-name.com. As soon as we put in our CSR into our self-signed cert the problems occur.

If you are using VPS you can do like this post : https://easypromocode.com/install-lets-encrypt-wildcard-ssl-free-vps-server/

Free Wildcard from Let’s Encrypt.