XMPP connection via web client using PKI certificate

SOP

Users browse to the web site for the PKI-enabled XCP Server.

XMPP server is running Tomcat, webapp gets user PKI: X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

XMPPConnection needs physical disc location set in ConnectionConfiguration config.setKeystorePath.

I tried using keytool and openssl to generate on web server.

keytool -genkeypair (using jid from certs[0]) to generate newcert.ks

keytool -certreq to generate newcert.csr

openssl x509 -req to generate newcert.crt

keytool -importcert to import newcert.crt into newcert.ks

Problems I’m having

openssl returns “unable to load CA Private Key”.

I’m using newcert.ks with config.setKeystoreType("JKS") and getting SSLHandshake error.

Can anyone help me generate the PKI on the XMPP server?
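
The four steps listed in the post, run end to end, as an added example that is not part of the original post. It assumes a throwaway test CA constructed inside the script; the alias `xmpp`, the password `changeit`, the CA name and the JID passed in are made-up values. Step 3 is where openssl reads the CA private key, from the file given to `-CAkey`.

```shell
#!/usr/bin/env bash
# Added example: keytool/openssl flow from the post against a constructed test CA.
# Alias, password, CA subject and JID are assumptions, not values from the post.

issue_test_cert() {
  dir=$1; jid=$2; pass=changeit
  ( cd "$dir" || exit 1

    # Throwaway CA. ca.key is the file step 3 loads through -CAkey.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Constructed Test CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 1. Key pair in a JKS keystore, matching config.setKeystoreType("JKS").
    keytool -genkeypair -alias xmpp -keyalg RSA -keysize 2048 -validity 1 \
      -dname "CN=$jid" -storetype JKS -keystore newcert.ks \
      -storepass "$pass" -keypass "$pass" 2>/dev/null || exit 1

    # 2. Certificate signing request for that key pair.
    keytool -certreq -alias xmpp -keystore newcert.ks -storepass "$pass" \
      -file newcert.csr 2>/dev/null || exit 1

    # 3. Sign the CSR. -CA and -CAkey must both name readable files.
    openssl x509 -req -in newcert.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -days 1 -out newcert.crt 2>/dev/null || exit 1

    # 4. Import the CA first so keytool can build the chain, then import
    #    the signed certificate under the same alias as the key pair.
    keytool -importcert -noprompt -trustcacerts -alias testca -file ca.crt \
      -keystore newcert.ks -storepass "$pass" 2>/dev/null || exit 1
    keytool -importcert -noprompt -alias xmpp -file newcert.crt \
      -keystore newcert.ks -storepass "$pass" 2>/dev/null || exit 1
  )
}

# Chain length of the key entry: 2 means signed certificate plus CA.
chain_length() {
  keytool -list -v -alias xmpp -keystore "$1/newcert.ks" \
    -storepass changeit 2>/dev/null |
    sed -n 's/^Certificate chain length: //p'
}

# Stand-alone run: ./script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  issue_test_cert "$tmp" "user@example.org" && chain_length "$tmp"
fi
```

A chain length of 1 after step 4 means the keystore still holds only the self-signed certificate from step 1.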