So, you've got a wildcard certificate and Openfire says "no way, dude"?
Here is my HowTo for it.
I got my *.domain.com certificate from Comodo, so your certificates may look a little different, but they serve the same purposes.
After you get your certificates, look for these three in particular:
certificate.crt, intermediate1.crt, intermediate2.crt, root.crt
You need your private key file too.
# Log into your Linux machine and make a temporary folder:
mkdir tmp && cd tmp
# Copy all the above files in that directory
# Chain all the certificates into one file
cat certificate.crt intermediate1.crt intermediate2.crt root.crt > cert_bundle.pem
# Now all certs are in one file, but each certificate must start on its own line.
# Look for something like this: "-----END CERTIFICATE----------BEGIN CERTIFICATE-----"
# Split it so that "-----BEGIN CERTIFICATE-----" is at the beginning of the next line. Repeat for every further occurrence.
# When you are done, we need to create a pkcs12 file. Don't use a password.
openssl pkcs12 -export -name yourserver.domain.com -in cert_bundle.pem -inkey mykey.key -out keystore.p12
# Now we use keytool to create a new keystore; remember your password.
keytool -importkeystore -destkeystore keystore -srckeystore keystore.p12 -srcstoretype pkcs12
# Copy the keystore to your openfire directory
cp keystore /opt/openfire/.
Now we have everything in place and need to tell Openfire where to look. Switch to your favorite web browser and log into your Openfire web console.
Under Server Properties, create a new entry:
Property Name: xmpp.socket.ssl.keypass
With your keystore password as the Property Value.
Then create another new entry:
Property Name: xmpp.socket.ssl.keystore
With the location of your keystore as the Property Value. The path is relative to your Openfire directory. If your keystore file is in "/opt/openfire/keystoredir/keystore", you need "keystoredir/keystore".
Finally, tell Openfire what store type you are using.
Create a new entry:
Property Name: xmpp.socket.ssl.storeType
With Property Value: JKS
Restart your server and all is good. If all is not good, I will try to help as much as I can.
Sorry for my English.
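
The manual line-splitting step for cert_bundle.pem can be scripted. The following is an added example, not part of the original post: it puts fused "-----END CERTIFICATE----------BEGIN CERTIFICATE-----" markers on separate lines and checks the result. The function names and the dummy certificate contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): repair a cert_bundle.pem whose
# certificates were fused by `cat` because a .crt file lacks a final newline.

# Print bundle $1 with every BEGIN/END marker on a line of its own.
split_fused_pem() {
    # Strip carriage returns, split fused markers, drop blank lines.
    tr -d '\r' < "$1" |
        sed 's/\(-----END CERTIFICATE-----\)\(-----BEGIN CERTIFICATE-----\)/\1\
\2/g' |
        sed '/^[[:space:]]*$/d'
}

# Succeed only if bundle $1 holds exactly $2 certificates, each delimited by
# markers that stand alone on their line (a fused marker line matches neither).
bundle_is_well_formed() {
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$1" || true)
    [ "$begins" -eq "$2" ] && [ "$ends" -eq "$2" ]
}

# Constructed sample: two placeholder "certificates" (dummy base64, not real
# certs); the first file is written without a trailing newline.
demo() {
    dir=$(mktemp -d)
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'QUFBQQ==' \
        '-----END CERTIFICATE-----' > "$dir/certificate.crt"
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'QkJCQg==' \
        '-----END CERTIFICATE-----' > "$dir/root.crt"
    cat "$dir/certificate.crt" "$dir/root.crt" > "$dir/cert_bundle.pem"
    bundle_is_well_formed "$dir/cert_bundle.pem" 2 ||
        echo "fused markers found, repairing"
    split_fused_pem "$dir/cert_bundle.pem" > "$dir/cert_bundle.fixed.pem"
    bundle_is_well_formed "$dir/cert_bundle.fixed.pem" 2 &&
        echo "bundle OK: 2 certificates"
    rm -rf "$dir"
}
demo
```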
This document was generated from the following discussion: HowTo Wildcard Certificate & OpenFire (Linux Version)