Hello all,
I have a need to counter the fact that openfire.xml contains the jdbc connection credentials in clear text.
Has anyone been successful in creating a ssl only connection from openfire to postgres or any other db?
If so, could you provide a roadmap for how this was accomplished?
Thanks in advance!
G
Hi,
do you want to establish a secured connection between your database and Openfire? Then you may want to consult the Postgres documentation or a forum about creating a secured JDBC connection.Openfire will still store the password as plain text.
Or do you want to use a local certificate, keystore or wallet to store the key? I did never try this with Openfire, anyhow it may be possible.
LG
Thanks LG,
I was attempting(required) to connect to postgres using a secure connection.
I had already read the postgres docs and am having no luck.
I created server.crt on postgres machine and imported this into openfire’s jre/security/cacerts keystore
I created client.crt on jabber and dropped this into the postgres data directory.
I was getting the following error on postgres:
“could not accept SSL connection: sslv3 alert certificate unknown”
The quick(and hacky) fix for this was to change the openfire.xml parameter serverURL to not validate certs:
jdbc:postgresql://10.150.15.100:5432/openfire?ssl=true&sslfactory=org .postgresql.ssl.NonValidatingFactory
I am now getting a new error on openfire:
[org.jivesoftware.util.JiveGlobals.loadSetupProperties(JiveGlobals.java:835)]
java.io.IOException: Error on line 41 of document : The reference to entity “sslfactory” must end with the ‘;’ delimiter. Nested exce
ption: The reference to entity “sslfactory” must end with the ‘;’ delimiter.
Thanks.