How to Get SSL Working when Local and Public Domain Names are Different?

I can get RSA SSL to work in Openfire when the xmpp.domain and the xmpp.fqdn are the same as my GoDaddy public hosted domain. SSL starts successfully and my Spark clients connect successfully. However, whenever the xmpp.domain and the xmpp.fqdn use my local Active Directory domain realm and I then recreate the certificate request, the new certificate from GoDaddy will not work.

The problem is that I must use the local realm domain name for my xmpp.domain and xmpp.fqdn fields for Single Sign-On to work. So the problem I am having is that I cannot get SSO and SSL working at the same time when my local domain and public domain with GoDaddy have different names. For example, if my local domain is example.local and my Openfire server’s fully qualified domain name is chat.example.local, and my GoDaddy public domain is example.gov with the GoDaddy certificate common name as chat.example.gov, then SSL will not work.

I have been troubleshooting this for weeks and I cannot seem to find a workaround. The only other thing I can think of is to rename my local Active Directory domain name to match the name of my public domain name. Do I really need to change my local domain name to match my public domain name to get SSL and SSO working together at the same time?

So I finally got both SSL and SSO working at the same time. However, I did have to rename our local Active Directory name to match the common name of the GoDaddy certificate.

A little late seeing this, but you should not have had to rename your AD domain. Likely you just needed some DNS records, and an update to your keytab/SSO configuration.

Hi speedy,

Yeah, I tried adding the DNS records within a zone I created that matched the GoDaddy common name, and then I updated the keytab file to reflect the new realm name, but SSO would not work. It seems I can only get SSO to work if the realm specifies the name of my local Active Directory name. So since I could only get SSL to work when the xmpp.domain matches GoDaddy’s common name, and I could only get SSO to work when the realm matches my local Active Directory domain, the only solution I could come up with to get both SSO and SSL working at the same time was to rename my Active Directory to match the domain name of the GoDaddy SSL certificate’s common name.

Anyway, changing my domain name wasn’t too much of a big deal. I just had to get all workstations to reboot twice, which I had defined in their scheduled tasks, and once I made the change I could finally get Openfire to work.
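As an added example (not code from this thread or from Openfire), the following Python models the two name checks the posts above are fighting over: whether the GoDaddy certificate covers xmpp.domain and xmpp.fqdn, and whether the service principal a client derives from the server's FQDN and its krb5 domain_realm mapping equals the principal stored in the keytab. It assumes the names used in the thread, a constructed certificate, and the standard krb5.conf [domain_realm] suffix lookup.

```python
# Added example, not from the thread or Openfire. Names reuse the thread's
# (chat.example.gov, EXAMPLE.LOCAL); the certificate dict below is constructed.

def _match_name(pattern: str, host: str) -> bool:
    """RFC 6125 style match: '*' is allowed only as the whole leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        p_tail, h_labels = pattern.split(".")[1:], host.split(".")
        return len(h_labels) == len(p_tail) + 1 and h_labels[1:] == p_tail
    return pattern == host

def cert_covers(cert: dict, names: list) -> dict:
    """cert = {'cn': str, 'san': [dNSName, ...]}; a non-empty SAN supersedes the CN."""
    presented = cert.get("san") or [cert["cn"]]
    return {n: any(_match_name(p, n) for p in presented) for n in names}

def realm_for_host(host: str, domain_realm: dict, default_realm: str) -> str:
    """krb5.conf [domain_realm] lookup: exact host first, then longest leading-dot suffix.
    Simplification: real clients may also consult DNS TXT records or KDC referrals."""
    host = host.lower().rstrip(".")
    if host in domain_realm:
        return domain_realm[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in domain_realm:
            return domain_realm[key]
    return default_realm

def diagnose(xmpp_domain, xmpp_fqdn, cert, keytab_principal, domain_realm, default_realm):
    """TLS passes when the cert covers both names; SSO passes when the principal a
    client requests (xmpp/<fqdn>@<mapped realm>) is the one stored in the keytab."""
    tls = cert_covers(cert, [xmpp_domain, xmpp_fqdn])
    realm = realm_for_host(xmpp_fqdn, domain_realm, default_realm)
    wanted = f"xmpp/{xmpp_fqdn.lower()}@{realm}"
    return {"tls_ok": all(tls.values()), "tls": tls,
            "client_principal": wanted, "sso_ok": wanted == keytab_principal}

CERT = {"cn": "chat.example.gov", "san": ["chat.example.gov", "example.gov"]}  # constructed
MAP = {".example.gov": "EXAMPLE.LOCAL"}  # krb5.conf [domain_realm] entry bridging the names
# 1. The original setup: AD names in Openfire, certificate issued for the public name.
BROKEN = diagnose("example.local", "chat.example.local", CERT,
                  "xmpp/chat.example.local@EXAMPLE.LOCAL", {}, "EXAMPLE.LOCAL")
# 2. Public names in Openfire, keytab stays in the AD realm, mapping in place: both pass.
FIXED = diagnose("example.gov", "chat.example.gov", CERT,
                 "xmpp/chat.example.gov@EXAMPLE.LOCAL", MAP, "EXAMPLE.LOCAL")
# 3. Keytab re-issued "for the new realm name": TLS passes, SSO does not.
HALF = diagnose("example.gov", "chat.example.gov", CERT,
                "xmpp/chat.example.gov@EXAMPLE.GOV", MAP, "EXAMPLE.LOCAL")
```

Scenario 3 corresponds to the attempt described in the reply above: an AD KDC only issues service tickets for principals in its own realm, so the keytab principal must keep the AD realm while the domain_realm mapping (or the client's realm discovery) is what ties the public hostname to it.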