The instructions for openfire ssl are incomplete. I had my certificate signed by a CA and following the instructions in the openfire ssl guide, I had difficulty. After you follow the steps down to the part about the truststore, you need to follow these instructions, replacing the filename, alias and password with your own. Once you import the signed cert into the truststore and restart openfire and go to the server certificates page, you will see that openfire now reports your cert as signed and all will be great. You can then require ssl communication and if you view sessions, it will show that they are secure. $ keytool -export -alias example.com -file mycert.cer -keystore keystore Enter keystore password: changit