Openfire SSL instructions
The instructions for Openfire SSL are incomplete. I had my certificate signed by a CA and, following the instructions in the Openfire SSL guide, I had difficulty. After you follow the steps down to the part about the truststore, you need to follow these instructions, replacing the filename, alias and password with your own. Once you import the signed cert into the truststore, restart Openfire and go to the server certificates page, you will see that Openfire now reports your cert as signed and all will be great. You can then require SSL communication and if you view sessions, it will show that they are secure.
$ keytool -export -alias example.com -file mycert.cer -keystore keystore
Enter keystore password: changit
Certificate stored in file mycert.cer
Then we need to create the truststore if it does not exist and import the certificate into the truststore:
$ keytool -import -alias example.com -file mycert.cer -keystore truststore
Enter keystore password: opensource
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 43bff927
Valid from: Sat Jan 07 18:23:51 CET 2006 until: Fri Apr 07 19:23:51 CEST 2006
Certificate fingerprints:
         MD5:  CF:DC:71:A8:F4:EA:8F:5A:E9:94:E3:E6:5B:A9:C8:F3
         SHA1: 0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:F6:7C:26
Trust this certificate? [no]: yes
Certificate was added to keystore
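Added example, not part of the original post: a check to run on keytool's text output before answering "yes" at the "Trust this certificate?" prompt. It compares the SHA1 fingerprint with one you already hold and flags a certificate whose Owner and Issuer are identical, as in the output above. The function names are hypothetical, and the expected fingerprint is assumed to come from a trusted source such as your CA.

```sh
#!/bin/sh
# Added example: checks on keytool's text output before trusting a certificate.
# Function names are hypothetical. Real input would come from:
#   keytool -printcert -file mycert.cer

# Certificate details copied from the output shown in the post above.
sample_keytool_output() {
cat <<'EOF'
Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Serial number: 43bff927
Certificate fingerprints:
         MD5:  CF:DC:71:A8:F4:EA:8F:5A:E9:94:E3:E6:5B:A9:C8:F3
         SHA1: 0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:F6:7C:26
EOF
}

# Print the first SHA1 fingerprint in keytool output read from stdin.
sha1_of() {
    sed -n 's/.*SHA1: *\([0-9A-Fa-f:]*\).*/\1/p' | head -n 1 | tr 'a-f' 'A-F'
}

# Exit 0 when Owner and Issuer are the same name, i.e. the cert is self-signed.
is_self_signed() {
    awk '/^Owner: /  { owner  = substr($0, 8) }
         /^Issuer: / { issuer = substr($0, 9) }
         END { exit !(owner != "" && owner == issuer) }'
}

# stdin: keytool output; $1: fingerprint you expect (assumed to be trusted).
# Returns 0 = match and Owner differs from Issuer, 1 = mismatch,
# 2 = match but self-signed.
check_before_trust() {
    out=$(cat)
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    got=$(printf '%s\n' "$out" | sha1_of)
    if [ "$got" != "$want" ]; then
        echo "MISMATCH: got ${got:-none}, expected $want"; return 1
    fi
    if printf '%s\n' "$out" | is_self_signed; then
        echo "MATCH, but Owner equals Issuer: self-signed, not CA-signed"; return 2
    fi
    echo "MATCH: issued by a different party than the owner"
}

sample_keytool_output | check_before_trust \
    "0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:F6:7C:26" || true
```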