Wildfire SSL initialization problems after importing own certificate

Hi!

I generated my own SSL certificate and imported it into Wildfire, like the Wildfire doc advised me to do. Now if I open the SSL page in the admin page, it stays empty. Can somebody help me solve my problem?!

Generating the SSL certificate with OpenSSL:

openssl req -new -x509 -newkey rsa:4096 -days 3650 -keyout privkey.pem -out server.pem

openssl rsa -in privkey.pem -out privkey.pem

cat privkey.pem >> server.pem

So, the SSL certificate has no password!

and the wildfire error log is:

at java.lang.Class.newInstance0(Class.java:350)

at java.lang.Class.newInstance(Class.java:303)

at org.jivesoftware.wildfire.starter.ServerStarter.start(ServerStarter.java:82)

at org.jivesoftware.wildfire.starter.ServerStarter.main(ServerStarter.java:46)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:585)

at com.exe4j.runtime.LauncherEngine.launch(Unknown Source)

at com.install4j.runtime.Launcher.main(Unknown Source)

2006.01.06 22:43:54 org.jivesoftware.wildfire.container.AdminConsolePlugin.initializePlugin(AdminConsolePlugin.java:170) Trouble initializing admin console

org.mortbay.util.MultiException[java.io.IOException: Keystore was tampered with, or password was incorrect]

at org.mortbay.http.HttpServer.doStart(HttpServer.java:673)

at org.mortbay.util.Container.start(Container.java:72)

at org.jivesoftware.wildfire.container.AdminConsolePlugin.initializePlugin(AdminConsolePlugin.java:164)

at org.jivesoftware.wildfire.container.PluginManager.loadPlugin(PluginManager.java:281)

at org.jivesoftware.wildfire.container.PluginManager.access$200(PluginManager.java:48)

at org.jivesoftware.wildfire.container.PluginManager$PluginMonitor.run(PluginManager.java:658)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)

at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:280)

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:135)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:65)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:142)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:166)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)

at java.lang.Thread.run(Thread.java:595)

java.io.IOException: Keystore was tampered with, or password was incorrect

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768)

at java.security.KeyStore.load(KeyStore.java:1150)

at org.mortbay.http.SunJsseListener.createFactory(SunJsseListener.java:227)

at org.mortbay.http.JsseListener.newServerSocket(JsseListener.java:193)

at org.mortbay.util.ThreadedServer.open(ThreadedServer.java:466)

at org.mortbay.util.ThreadedServer.start(ThreadedServer.java:495)

at org.mortbay.http.SocketListener.start(SocketListener.java:203)

at org.mortbay.http.HttpServer.doStart(HttpServer.java:703)

at org.mortbay.util.Container.start(Container.java:72)

at org.jivesoftware.wildfire.container.AdminConsolePlugin.initializePlugin(AdminConsolePlugin.java:164)

at org.jivesoftware.wildfire.container.PluginManager.loadPlugin(PluginManager.java:281)

at org.jivesoftware.wildfire.container.PluginManager.access$200(PluginManager.java:48)

at org.jivesoftware.wildfire.container.PluginManager$PluginMonitor.run(PluginManager.java:658)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)

at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:280)

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:135)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:65)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:142)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:166)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)

at java.lang.Thread.run(Thread.java:595)

If anybody can help me solve my problem, I would thank you!

Tamer

Tamer

Here is my post, it might help.

http://www.jivesoftware.org/community/thread.jspa?messageID=108095&#108095

You cannot change the password. It is not fixed yet.

I recently found that with a self-signed certificate, I cannot use the secure admin login console, which is using https and 9091.

wmhtet

I have followed the steps in your documentation as you described, but the same problem still exists: Wildfire shows me an empty page in the SSL section of the web administration console.

What is the file truststore? Do I have to tell wildfire somehow and someway to trust my SSL certificate?

I do have the same problem on Windows and Linux!

SNIPSNIPSNIPSNIP

#Go to java’s jre/bin, try the following keytool command to create “keystore”.

keytool -genkey -keystore keystore -alias myjiveserver.com -keyalg RSA -validity 3650

#Now you are going to make an “exported.crt” certificate from “keystore”.

keytool -export -alias myjiveserver.com -keystore keystore -file exported.crt

#You need to replace the file “keystore” in /jive_messenger/resources/security/ with the one you create

#Then don’t be fooled by “What is your first and last name?” to put your name. Put your

#SERVER NAME, myjiveserver.com (keystore -alias).

#You also need to use “changeit” as a keystore password and don’t change the password

#because Jive messenger is having an issue with different password. If it is fixed,

#please let me know.

Enter keystore password: changeit

What is your first and last name?

: myjiveserver.com

What is the name of your organizational unit?

: Whatever

What is the name of your organization?

: Whatever

What is the name of your City or Locality?

: Whatever

What is the name of your State or Province?

: Whatever

What is the two-letter country code for this unit?

: Whatever

Is CN=myjiveserver.com, OU=“Whatever”, O=“Whatever”, L=Whatever, ST=Whatever, C=Whatever correct?

: yes

Enter key password for <jive.redback.com>

(RETURN if same as keystore password):

SNIPSNIPSNIPSNIP

Hi,

The truststore file is, like the keystore file, just another keystore. You can create it just like the keystore file using the option -keystore truststore:

keytool -genkey -alias server.tld -keystore truststore -storepass changeit -dname "CN=server.tld, OU=foobar, O=foobar Development, L=Stuttgart, S=Baden-Wuerttemberg, C=DE"

keytool -selfcert -alias server.tld -keystore truststore -storepass changeit

LG

It works! My mistake, I had to leave the keystore password being “changeit”. However, I have problems that my SSL Certificate is being initialized properly by jive messenger or PSI.

What do I have to do? I guess it has something to do with the cipher algorithm and its encryption capabilities. How do I set these parameters properly so that a successful key generation of 4096 bit is done and also works on the client side?

Tamer
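Added example (not part of the original thread): the "Keystore was tampered with, or password was incorrect" line in the log above comes from the integrity check built into the JKS keystore format, a SHA-1 digest keyed with the store password and appended to the file. The Python sketch below reproduces that check; the function names are hypothetical and the keystore and PEM bytes are constructed samples.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED          # first four bytes of every JKS file
JKS_SALT = b"Mighty Aphrodite"  # fixed constant mixed into the JKS digest
DIGEST_LEN = 20                 # SHA-1 trailer at the end of the file


def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over the UTF-16BE password, the fixed constant, then the store body."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(JKS_SALT)
    h.update(body)
    return h.digest()


def check_keystore(data: bytes, password: str) -> str:
    """Mimic the two checks made on load: file format first, then keyed digest."""
    if len(data) < 12 + DIGEST_LEN:
        return "invalid keystore format"
    magic, version = struct.unpack(">II", data[:8])
    if magic != JKS_MAGIC or version not in (1, 2):
        return "invalid keystore format"
    body, trailer = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
    if not hmac.compare_digest(jks_digest(password, body), trailer):
        return "tampered with, or password was incorrect"
    return "ok"


def make_empty_jks(password: str) -> bytes:
    """Constructed sample: a version 2 keystore holding zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


if __name__ == "__main__":
    store = make_empty_jks("changeit")
    pem = b"-----BEGIN CERTIFICATE-----\nconstructed sample, not a real cert\n"
    print(check_keystore(store, "changeit"))  # password matches the digest
    print(check_keystore(store, "mysecret"))  # same file, different password
    print(check_keystore(pem, "changeit"))    # PEM text is not a JKS file
```

A wrong password and a modified file are indistinguishable to this check, which is why the error message names both.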

Hi Tamer

I don’t know what kind of trouble you have with PSI, but the documentation I have provided is for PSI with SSL self-signed. Please read it again to see if it helps. Glad that you have figured out what you are missing. I wish that the SSL self-signed password issue got fixed in the next release.

Regards

Wmhtet

Thanks for your reply,

All tasks for PSI are done; later I discovered that Mozilla Firefox can’t establish a secure connection to the jive-admin site either.

I guess I made a mistake with the key generation. Can you please tell me how to do a key generation with a size of 4096 bit and the correct ciphers (AES256) that the browser or the client would accept?!

That would be nice. I didn’t find the documentation of this “keytool” application.

Tamer

Hi Tamer

You can find keytool in the java directory or in jre if you are on windows

/jre1.5.0_06/bin

C:\Program Files\Wildfire\jre\bin

I suggest you try all the steps I provided before. I don’t know how you finished the PSI steps without using keytool. I suggest you try a clean installation if you are just testing now.

wmhtet