9 Replies Latest reply on Apr 11, 2017 12:14 PM by Anthony

    Spark 2.8 and newer - unable to verify certificate

    Anthony

      Hello,

       

      Why do Spark 2.8 and newer snapshot builds not work with an Openfire server that has a complete SSL cert installed?

       

      I've tried BOTH a "Letsencrypt" certificate and a completely paid SSL cert by Comodo (multidomain) to match my FQDN "xmpp.example.com".

       

      Cert installed just fine... "service openfire restart", etc... Server properties and environment show a correctly configured server.

       

      However - every time I connect to the Openfire XMPP Server with Spark I receive message "Unable to verify certificate"

       

      I do NOT deem a solution of "checking accept all certificates" a valid work-around or solution.

       

      Is there any fix for this?

       

      xmpp.socket.ssl.active = true

      xmpp.socket.ssl.client.certificate.accept-selfsigned = false

        • Re: Spark 2.8 and newer - unable to verify certificate
          Daryl Herzmann

          Your openfire cert should match your `xmpp.domain`, not necessarily your `xmpp.fqdn`

          • Re: Spark 2.8 and newer - unable to verify certificate
            Anthony

            I've imported the root CA that signed my cert (Comodo)

             

            As far as the cert matching my 'xmpp.domain', it 100% matches my domain name.

             

            My FQDN and domain name are the same on this server, as it's not being tied into Active Directory or LDAP. Running separate

             

            HOWEVER -- now suddenly, it appears my Openfire server has lost its FQDN hostname setting?!

             

            Reverted back to 'localhost'. I've tried to rename this setting within server properties, also within the DNS settings area... no dice. Goes back to 'localhost'.

             

            Also made sure my /etc/hosts file was proper, along with my hostname in /etc/hostname.

             

            Do I need to re-run installer?

            • Re: Spark 2.8 and newer - unable to verify certificate
              Anthony

              Yes I did...

               

              Spark 2.7.7 works beautifully without issue or complaint. Tried using the latest version of the Trillian client as well; works -- however throws an erroneous warning that the server certificate does not directly match, even though within the warning it shows the hostname/server being the same exact FQDN.

              • Re: Spark 2.8 and newer - unable to verify certificate
                Anthony

                Understood, but it's EFFing annoying!

                 

                Had Trillian XMPP Server (trial), used a corp wildcard cert. Works beautifully without any issue. Then migrated to Openfire and tried using the same exact wildcard SSL cert... issues. Even following various guides and even re-creating the cert store and rebuilding.

                 

                 

                I have a separate hosted openfire server that I'm now using with my Asterisk Servers with Asterisk-IM.  However this cert issue is making me grind my gears and really pissing me off.

                 

                I just paid for a separate SSL cert to explicitly match the FQDN, and still issue..... 

                 

                Just tried Pidgin same shit.

                 

                Certificate Information

                Common name: xxxxx.ajavoicetech.com

                Issued By: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

                 

                Activation date: Wed Mar 15 20:00:00 2017

                Expiration date: Fri Mar 16 19:59:59 201

                 

                Accept certificate for xxxxx.ajavoicetech.com?

                 

                The certificate for xxxxx.ajavoicetech.com could not be validated.

                The certificate is not trusted because no certificate that can verify it is currently trusted.
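
Daryl Herzmann's point about `xmpp.domain` versus `xmpp.fqdn`, as an added example that is not part of the original thread and is not Openfire or Spark code: a small check of which of the two names a certificate covers. It assumes the client compares the certificate's names to the XMPP domain with RFC 6125-style matching, goes beyond the thread by including the wildcard case, and uses constructed names throughout.

```python
# Added example: RFC 6125-style name check for an XMPP server certificate.
# All names below are constructed sample values, not taken from a real server.

def _labels(name):
    # Case-insensitive comparison, tolerate a trailing dot
    return name.lower().rstrip(".").split(".")

def dns_name_matches(pattern, reference):
    """True if a certificate dNSName (optionally '*.' prefixed) covers reference."""
    p, r = _labels(pattern), _labels(reference)
    if len(p) != len(r):
        return False  # '*' stands for exactly one label, never zero or several
    if p[0] == "*":
        # Wildcard only as the whole left-most label; require at least
        # two labels after it, which rejects patterns such as '*.com'
        return len(p) >= 3 and p[1:] == r[1:]
    return p == r

def cert_covers(san_dns_names, common_name, reference):
    """Use subjectAltName dNSName entries; fall back to CN only if there are none."""
    names = san_dns_names if san_dns_names else ([common_name] if common_name else [])
    return any(dns_name_matches(n, reference) for n in names)

def diagnose(san_dns_names, common_name, xmpp_domain, xmpp_fqdn):
    """Report which of the two Openfire names the certificate covers."""
    return {
        "covers_xmpp_domain": cert_covers(san_dns_names, common_name, xmpp_domain),
        "covers_xmpp_fqdn": cert_covers(san_dns_names, common_name, xmpp_fqdn),
    }

if __name__ == "__main__":
    # Constructed cases: (SAN list, CN, xmpp.domain, xmpp.fqdn)
    cases = [
        (["xmpp.example.com"], "xmpp.example.com", "example.com", "xmpp.example.com"),
        (["*.example.com"], "*.example.com", "example.com", "xmpp.example.com"),
        (["example.com", "xmpp.example.com"], "example.com", "example.com", "xmpp.example.com"),
    ]
    for san, cn, domain, fqdn in cases:
        print(san, diagnose(san, cn, domain, fqdn))
```

A name match is only one half of validation; the "no certificate that can verify it is currently trusted" message concerns the trust chain, which this check does not cover.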