I am trying to use a self-signed certificate, generated using http://docs.tigase.org/tigase-server/5.3.0/adminguide/#_server_certificates, to start the XMPP server. However, the server does not start, and it logs the exception below in logs/tigase-console.log:

    SSLContextContainer.init()         WARNING:  Cannot load certficate from file: certs/tigase.mydomain.crt
    java.security.KeyStoreException: Cannot store non-PrivateKeys
            at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:250)
            at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:55)
            at java.security.KeyStore.setKeyEntry(KeyStore.java:909)
            at tigase.io.SSLContextContainer.addCertificateEntry(SSLContextContainer.java:199)
            at tigase.io.SSLContextContainer.init(SSLContextContainer.java:421)
            at tigase.io.TLSUtil.configureSSLContext(TLSUtil.java:89)
            at tigase.conf.ConfiguratorAbstract.setProperties(ConfiguratorAbstract.java:815)
            at tigase.conf.ConfiguratorAbstract.setup(ConfiguratorAbstract.java:550)
            at tigase.conf.ConfiguratorAbstract.componentAdded(ConfiguratorAbstract.java:182)
            at tigase.conf.Configurator.componentAdded(Configurator.java:50)
            at tigase.conf.Configurator.componentAdded(Configurator.java:33)
            at tigase.server.AbstractComponentRegistrator.addComponent(AbstractComponentRegistrator.java:115)
            at tigase.server.MessageRouter.addRegistrator(MessageRouter.java:141)
            at tigase.server.MessageRouter.setConfig(MessageRouter.java:696)
            at tigase.server.XMPPServer.start(XMPPServer.java:142)
            at tigase.server.XMPPServer.main(XMPPServer.java:112)

What seems to have gone wrong here? I tried to generate the private key with and without a password, but I get the same exception.

The files placed in the certs/ directory are client_truststore, keystore, rsa-keystore, tigase.mydomain.crt, tigase.mydomain.csr, tigase.mydomain.key, tigase.mydomain.pem and truststore.

I used `openssl req -nodes -new -newkey rsa:2048 -keyout tigase.mydomain.key -out tigase.mydomain.csr` to generate the .key and .csr.

I used `openssl x509 -req -days 365 -in tigase.mydomain.csr -signkey tigase.mydomain.key -out tigase.mydomain.crt` to generate the .crt.

I used `cat tigase.mydomain.crt tigase.mydomain.key > tigase.mydomain.pem` to generate the .pem.

Am I doing something wrong in generating the key and certificate?

What I want to achieve is to use my self-signed certificate, because the client will also belong to me.

Your help is much appreciated.

PS:

  1. I am using the latest code from the master branch that I pulled from the git repository. Compiling this code gives the version = 5.3.0

  2. Using OpenJDK 7

Thanks.

1 Answer

This is fixed now. It was a silly mistake on my part. I had put all the generated files (tigase.mydomain.crt, tigase.mydomain.csr, tigase.mydomain.key, tigase.mydomain.pem). The "tigase.mydomain.crt", which is the certificate without any private key, also gets picked up for adding to the keystore, and this is where the server throws the exception. This time I just put the tigase.mydomain.pem file, which has the private key too. The server gladly accepted my certificate.

Sorry about the confusion.

In short, the solution is to just put the .pem file in the certs/ directory.
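
A pre-flight check for the situation described in the answer above, as an added example that is not part of the original post or of Tigase's code: it classifies each file in a certs/ directory by the PEM blocks it contains and flags certificate-only files such as the .crt that triggered the exception. It assumes any file in the directory may be picked up by the server; the function names `classify_pem` and `check_certs_dir` are hypothetical.

```shell
#!/bin/sh
# Added example (not Tigase code): classify files in a certs/ directory by
# the PEM blocks they contain, before starting the server.
# Assumption: any file in the directory may be picked up for the keystore,
# as happened with the .crt in the post above.

# Print one of: cert+key, cert-only, key-only, other
classify_pem() {
    has_cert=no
    has_key=no
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null && has_cert=yes
    # Matches PKCS#8 headers ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY") and
    # traditional ones ("RSA PRIVATE KEY", "EC PRIVATE KEY").
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" 2>/dev/null && has_key=yes
    case "$has_cert/$has_key" in
        yes/yes) echo "cert+key" ;;
        yes/no)  echo "cert-only" ;;
        no/yes)  echo "key-only" ;;
        *)       echo "other" ;;   # CSR, JKS keystore, anything non-PEM
    esac
}

# Report every regular file in directory $1.
# Returns 1 if any file holds a certificate without its private key,
# which is the case that produced "Cannot store non-PrivateKeys".
check_certs_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        kind=$(classify_pem "$f")
        case "$kind" in
            cert-only) echo "FAIL $kind: $f"; rc=1 ;;
            key-only)  echo "NOTE $kind: $f (bare key, not needed next to the .pem)" ;;
            cert+key)  echo "OK   $kind: $f" ;;
        esac
    done
    return $rc
}

# Stand-alone use: sh check_certs.sh certs
if [ "$#" -gt 0 ]; then
    check_certs_dir "$1"
fi
```

The check only looks at PEM headers; it does not verify that the key in a file actually matches the certificate beside it.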