I am running an Openfire server on Windows Server 2008 and need to import an SSL certificate on the server. The certificate which I need to import is already configured on a domain on IIS. The certificate which I am using is provided by Go Daddy. The first major issue which I have faced while importing is the Private Key and Certificate file not being available separately. The reason behind this is that the private key is not returned to the user while creating a CSR with the IIS. To extract the private key I need to export the certificate and then convert it into PEM format which contains both the private key and the certificate but this solution is not that much usable as I explain below.
I have tried various methods but I have had no success.
First I have tried following the SSL Guide provided by Openfire on the following URL:
I was able to successfully import a certificate using the above guide. After that I restarted the server and checked the Server certificates in the Openfire Admin Panel but I got the following error:
Unable to access certificate store. The keystore may be corrupt.
Later on I realized that the error was due to the fact that the certificate which I imported did not have a private key with it.
Then I did some more research and went through the following post:
This guide had a specific step 4a which was relevant to my situation. It informed me to use OpenSSL to convert the PFX file to PEM and then use the import-certificate.jsp page to import the certificate. I provided the relative information after extracting it from the PEM file but I got the following error:
There was an error one importing private key and signed certificate.
I searched the above error online but did not find anything specific which could pin point to what the problem is. Right now I am stuck for the past 1 week on this and have not found anything which could give me an exact answer to where I am going wrong. Any help would be great. Thanks in advance.
Hey Umer Jaffer,
Did you ever get a solution to this problem? I'm having a similar problem with my Openfire server running on Windows 2008. The difference is that I have a wildcard SSL from GeoTrust.
I also followed the community guide to get it imported but I got this error:
There was an error one importing private key and signed certificate. Error message: org.bouncycastle.jce.provider.JCERSAPrivateCrtKey cannot be cast to java.security.KeyPair
It's not my intent to abuse your post, just trying to know if you solved it since it's pretty recent.
Actually the error that you get, I got it when removing the:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
From both, the private key and the certificate.
I have the same issue with Openfire 3.8.1 on Ubuntu 12.04.2 LTS. Certificate by StartCom.
I have solved this puzzle today.
What I had:
What I needed to get it to work:
Steps to get it to work:
I think this is one of the best methods possible.
If it does not work, please reply. Maybe I have forgotten to mention something.
Added another pitfall
Got exactly the same error with a new CA-valid cert.
Problem was the format of the private key PEM file:
In the PEM file, I got:
-----BEGIN PRIVATE KEY-----
instead of:
-----BEGIN RSA PRIVATE KEY-----
(different from my old cert, which was perfectly handled by Openfire)
So, I had to convert my key file with OpenSSL:
openssl rsa -in privatekey.key -check
and paste the result to Openfire.
Cert and intermediate certs go to the next field, in PEM format, without any conversion.
That worked for me.
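
An added example, not part of the thread above: a shell check for the key-format pitfall described in the last post. It reports which private key header a PEM file carries and rewrites the key with the "BEGIN RSA PRIVATE KEY" header; the function names and file paths are assumptions, and the -traditional retry covers OpenSSL 3.x, where "openssl rsa" writes "BEGIN PRIVATE KEY" by default.

```shell
#!/bin/sh
# Added example: function names and paths are hypothetical, not from the thread.

# Print the kind of key found in PEM file $1, judged by its header line.
# Works on files exported from a PFX (key and certificates in one file)
# and on files with Windows (CRLF) line endings.
pem_key_kind() {
    if grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo rsa-encrypted      # traditional format, passphrase protected
        else
            echo rsa                # the header the last post pasted into Openfire
        fi
    elif grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo pkcs8-encrypted
    elif grep -q '^-----BEGIN PRIVATE KEY-----' "$1"; then
        echo pkcs8                  # the header that failed in the last post
    elif grep -q '^-----BEGIN CERTIFICATE-----' "$1"; then
        echo certificate-only       # no private key in this file at all
    else
        echo unknown
    fi
}

# Write an unencrypted RSA-format copy of key $1 to $2 (needs the openssl CLI).
# Runs in a subshell so the restrictive umask does not leak to the caller.
to_rsa_pem() (
    umask 077                       # new key file readable by its owner only
    openssl rsa -in "$1" -out "$2" || exit 1
    # OpenSSL 3.x keeps the PKCS#8 header unless -traditional is given.
    if [ "$(pem_key_kind "$2")" != rsa ]; then
        openssl rsa -traditional -in "$1" -out "$2" || exit 1
    fi
    [ "$(pem_key_kind "$2")" = rsa ]
)

# Constructed sample: the body is filler text, not a real key.
sample=$(mktemp)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$sample"
echo "sample key kind: $(pem_key_kind "$sample")"
rm -f "$sample"
```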