Yukiru

HowTo Wildcard Certificate & OpenFire (Linux Version)

Discussion created by Yukiru on Jul 7, 2015
Latest reply on Dec 20, 2016 by tgtcat6

So, you´ve got a wildcard Certificate and Openfire says "no way dude"?

Here is my HowTo for it.

I´ve got my *.domain.com certificate from commodo, so it is possible, that your certificates look a little different, but have the same purposes.

Let´s begin:

After you got your certificates, look for this three in special:

certificate.crt, intermediate1.crt, intermediate2.crt, root.crt

You need your private key file too.

mykey.key

# Log into your Linux and make a temporary folder:

mkdir tmp && cd tmp

# Copy all the above files in that directory

# Chain all the certificates into one one file

cat certificate.crt intermediate1.crt intermediate2.crt root.crt > cert_bundle.pem

# Now we got all certs in one file, but we need to line-split them.

vi cert_bundle.pem

# Look for something like that: "-----END CERTIFICATE----------BEGIN CERTIFICATE-----"

# Now split them, so "-----BEGIN CERTIFICATE-----" is at the beginning of the next line. Repeat that for the further.

# When you are done, we need to create a pkcs12 file. Don´t use a password.

openssl pkcs12 -export -name yourserver.domain.com -in cert_bundle.pem -inkey mykey.key -out keystore.p12

# Now we use the keytool to create a new keystore, remember your password.

keytool -importkeystore -destkeystore keystore -srckeystore keystore.p12 -srcstoretype pkcs12 -alias yourserver.domain.com

# Copy the keystore to your openfire directory

cp keystore /opt/openfire/.

 

Now we have everything in place and need to tell Openfire where to look. Change to your favorite webbrowser and log into your OpenFire Web-Console.

At Server Properties create a new Entry:

Property Name: xmpp.socket.ssl.keypass

With your Keystore Password as propertie Value.

Then get another new Entry:

Property Name: xmpp.socket.ssl.keystore

With the location of your keystore in Property Value. The rootdirectory is your openfire directory. If your keystorefile is in "/opt/openfire/keystoredir/keystore" you need "keystoredir/keystore"

At last tell openfire what storetype you are using.

Create a new Entry:

Property Name: xmpp.socket.ssl.storeType

With Property Value: JKS

 

Restart your server and all is good. If all is not good, I will try to help as much as I can.

 

Sorry for my english

Outcomes