Another wildcard SSL refugee

Hello:

We have an Openfire 3.7.0 server on CentOS release 6.4 x86_64 and the following

domain_com_ee.crt

intermediate.crt

domain.key

apns-production-cert.pem

java version 1.7.0_25

I have these Ignite resources that I have been pouring over:

SSL Guide

How do I install a wildcard SSL certificate?

How to sucessfully import an existing StartSSL Cert & Key (Linux)

Import SSL Key and Certificate

Using Signed SSL Certificates in Openfire

ImportKey.class and ImportKey.java instructions

I have these non-Ignire resources that I have been pouring over:

Openfire and SSL/TLS Certificates - bigdinosaur.org

Securing Openfire Clients - bigdinosaur.org

Import private key and certificate into Java Key Store (JKS) -AgentBob

I have managed to get the domain_com_ee.crt and intermediate.crt into OpenFire 3.7.0 as a GeoTrust Certificate.

but the client reports “errors” using their custom Spark Client. He didn’t specify the nature of the “error” but I suspect that the client app simply needed to accept the “new” certificate.

When this occured, I noticed that a native Spark 2.6.3 client in Windows could not login with “Bad username, or password” message. Ports 5222 and 5223 both tried with the same result.

What must I do to get our wildcard RapidSSL certificate into openfire and the APNS certificate?

Will the clients’ app need to accept the new certificate, as I suspect?

Will the clients’ app need to be recompiled after coding it to use port 5223?

For the past 2 days, I have been working through CoolCat’s post here… but it’s 7 years old.

Thank you for your time.

bump.