
Wildfire and OpenSSL certificates: how I did it

Hi

I posted some days ago about using an existing SSL certificate in PEM format, issued by a CA, to encrypt jive traffic.

After a lot of googling I found a solution that I want to share with you.

The problem:

We had a certificate issued by a CA, but we couldn't get keytool to recognize the certificate chain, since the key was not generated by keytool itself.

The solution:

You need to have your certificate, your private key and the CA certificate. If your certificate was issued by an intermediate CA and not by a root CA, you need a certificate bundle containing all the certificates from your issuer CA to the root CA. You also need to have OpenSSL installed.

Put the certificates and key in a directory and run:

openssl pkcs12 -export -in my.crt -inkey my.key -out keystore.p12 -name jabber -CAfile ca.crt -caname root -chain

When asked for the password, set it to “changeit”.

Then you must run this Java class, contained in the jive application server (jetty):

org.mortbay.util.PKCS12Import /path/to/keystore.p12 /where/we/want/the/keystore

This will convert the pkcs12 keystore into a jks keystore that jive can use.

The easier way to run this class is to edit the wildfire startup script, commenting out the line that actually runs the jive server. Then copy this line below and modify the startup command to run the class we need (the script already sets the classpath and the other env variables needed, that's why this is the easier way). Then run the usual ./wildfire start, copy the converted keystore to jive_wildfire/resources/security and revert the startup script to what it was before restarting the jive server.

Hope this helps someone

Thanks,

It helped a lot, however, to keep things simple I've made an executable jar from org.mortbay.util.PKCS12Import.

Instead of doing all those tricks to run the class now you only have to do

java -jar PKCS12Import.jar /path/to/keystore.p12 /where/we/want/the/keystore

I would upload the jar if the forum permitted
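
A pre-flight wrapper around the export step from the first post, added here as an example and not written by either poster: it checks that the private key matches the certificate and that the CA file completes the chain before running the same openssl pkcs12 -export command, then counts the certificates in the result. The function name export_chain_p12 and the P12_PASS variable are assumptions; the file names and the "changeit" default follow the post.

```shell
# Added example, not from the thread. export_chain_p12 and P12_PASS are
# assumed names; the openssl options are the ones used in the first post.

# export_chain_p12 CERT KEY CAFILE OUT
# Prints the number of certificates stored in OUT; non-zero status on failure.
export_chain_p12() {
    cert=$1 key=$2 ca=$3 out=$4
    # The post uses "changeit"; env: keeps the password off the command line,
    # where other local users could read it from the process list.
    P12_PASS=${P12_PASS:-changeit}
    export P12_PASS

    # 1. The private key must belong to the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key $key does not match certificate $cert" >&2
        return 1
    fi

    # 2. The CA file must lead from the certificate up to a root,
    #    otherwise -chain has nothing to build from.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "cannot build a chain for $cert from $ca" >&2
        return 1
    fi

    # 3. Same export as in the post, password taken from the environment.
    openssl pkcs12 -export -in "$cert" -inkey "$key" -out "$out" \
        -name jabber -CAfile "$ca" -caname root -chain \
        -passout env:P12_PASS || return 1

    # 4. Read the file back and count the certificates it carries
    #    (the server certificate plus every CA certificate in its chain).
    openssl pkcs12 -in "$out" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}
```

A count of 1 after a successful run means only the server certificate was stored and the chain will be missing from the converted keystore.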