1

I'm having a rough time getting SSL configured properly on an Openfire install. Quite honestly, I just don't know what to do. It seems convoluted on the steps necessary to get a cert imported. Has anyone out there successfully done this?

I'm running Openfire 3.6.4 on Windows Server 2003 R2. I have a signed UC cert which is ready to roll, I just don't know what to do with it. I've been through tons of tutorials on converting between various format using openssl and java tools, but its only getting more confusing as I go.

fuero
  • 9,413
  • 1
  • 35
  • 40
DanBig
  • 11,393
  • 1
  • 28
  • 53
  • According to the [official documentation](http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guide.html) there is a web GUI for certificate administration. Can you tell us exactly what is failing? My recollection from the last time I set up OpenFire was that is was relatively easy, but that was a year or so ago. – larsks May 26 '12 at 01:47

2 Answers2

1

I've done this before with a star cert, and it was horribly painful. If I recall correctly, I had to manually import it into the Java keystore using the java certificate tools and add my CA cert in the same way. I believe the correct certificate format is PEM for this.

Kyle
  • 1,589
  • 9
  • 14
  • 1
    ad painful install: You may create a `PKCS12` keystore with `openssl` (private key + certificate + certificate chain), which you can convert to a Java keystore (JKS) with `keytool` (shipped with a JDK) – fuero Feb 05 '13 at 10:43
0

.crt is not a format although its often used to indicate a certificate file. Microsoft do .cer files which are the same as .der and you can swap the extension happily.

To convert from der to pem you can use openssl

openssl x509 –in input.crt –inform DER –out output.crt –outform PEM

Where did you get your cert from and what was its extension when you got it?

Mark Sutton
  • 636
  • 5
  • 7
  • I've got my cert in all the above formats. I've also got my private key as a .key file. It's the actual part of getting it working with Openfire. – DanBig Dec 15 '09 at 20:26
  • Have you checked this out would seem to explain what to do with the certs. http://www.igniterealtime.org/community/docs/DOC-1092 – Mark Sutton Dec 15 '09 at 21:20
  • Been through that document. Also, it's outdated, as the software isn't even called Wildfire any longer. – DanBig Dec 15 '09 at 21:40