HowTo Wildcard Certificate & OpenFire (Linux Version)

Version 1

    So, you've got a wildcard certificate and Openfire says "no way dude"?

    Here is my HowTo for it.

    I've got my *.domain.com certificate from Comodo, so it is possible that your certificates look a little different, but they serve the same purposes.

    Let's begin:

    After you have your certificates, look for these in particular:

    certificate.crt, intermediate1.crt, intermediate2.crt, root.crt

    You need your private key file too.

    mykey.key

    # Log into your Linux and make a temporary folder:

    mkdir tmp && cd tmp

    # Copy all the above files in that directory

    # Chain all the certificates into one file

    cat certificate.crt intermediate1.crt intermediate2.crt root.crt > cert_bundle.pem

    # Now we have all certs in one file, but we need to line-split them.

    vi cert_bundle.pem

    # Look for something like this: "-----END CERTIFICATE----------BEGIN CERTIFICATE-----"

    # Now split them so that "-----BEGIN CERTIFICATE-----" is at the beginning of the next line. Repeat for every further occurrence.

    # When you are done, we need to create a pkcs12 file. Don't use a password.

    openssl pkcs12 -export -name yourserver.domain.com -in cert_bundle.pem -inkey mykey.key -out keystore.p12

    # Now we use keytool to create a new keystore; remember your password.

    keytool -importkeystore -destkeystore keystore -srckeystore keystore.p12 -srcstoretype pkcs12 -alias yourserver.domain.com

    # Copy the keystore to your openfire directory

    cp keystore /opt/openfire/.
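The bundle step above can be done without hand-editing in vi. The following is an added example, not part of the original HowTo: it assumes PEM-encoded files with the names used above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: file names follow the HowTo, function names are hypothetical.

# Concatenate PEM files. `awk 1` terminates the last line of every input
# file, so END/BEGIN markers cannot end up fused on one line as with `cat`.
build_bundle() {
    awk 1 "$@"
}

# Repair a bundle that plain `cat` already produced with fused markers.
split_fused_markers() {
    awk -v e='-----END CERTIFICATE-----' -v b='-----BEGIN CERTIFICATE-----' \
        '{ gsub(e b, e "\n" b); print }' "$1"
}

# Print the number of certificates in a bundle. Fails if any marker shares
# its line with other text or if the markers do not come in pairs.
check_bundle() {
    good=$(grep -c -x -e '-----BEGIN CERTIFICATE-----' \
                      -e '-----END CERTIFICATE-----' "$1" || true)
    any=$(grep -c -e '-----BEGIN CERTIFICATE-----' \
                  -e '-----END CERTIFICATE-----' "$1" || true)
    [ "$any" -gt 0 ] && [ "$good" -eq "$any" ] && [ $((good % 2)) -eq 0 ] || return 1
    echo $((good / 2))
}

# Succeed only if the private key belongs to the certificate, by comparing
# the public keys (needs the openssl command-line tool).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Run against the HowTo's files when they are present in this directory.
if [ -f certificate.crt ] && [ -f mykey.key ]; then
    build_bundle certificate.crt intermediate1.crt intermediate2.crt root.crt \
        > cert_bundle.pem
    if n=$(check_bundle cert_bundle.pem); then
        echo "cert_bundle.pem: $n certificates, markers on their own lines"
    else
        echo "cert_bundle.pem: malformed PEM markers" >&2
    fi
    key_matches_cert certificate.crt mykey.key ||
        echo "mykey.key does not match certificate.crt" >&2
fi
```

The temporary folder ends up holding mykey.key and a passwordless keystore.p12, so delete it once the keystore is in place.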

     

    Now we have everything in place and need to tell Openfire where to look. Switch to your favorite web browser and log into your Openfire web console.

    At Server Properties create a new Entry:

    Property Name: xmpp.socket.ssl.keypass

    With your keystore password as the Property Value.

    Then get another new Entry:

    Property Name: xmpp.socket.ssl.keystore

    With the location of your keystore as the Property Value. The root directory is your Openfire directory: if your keystore file is in "/opt/openfire/keystoredir/keystore", you need "keystoredir/keystore".

    Finally, tell Openfire what store type you are using.

    Create a new Entry:

    Property Name: xmpp.socket.ssl.storeType

    With Property Value: JKS

     

    Restart your server and all is good. If all is not good, I will try to help as much as I can.

     

    Sorry for my English

     

    This document was generated from the following discussion: HowTo Wildcard Certificate & OpenFire (Linux Version)