
openfire

Davide Conzon edited this page Oct 6, 2019 · 1 revision

Procedure to enable SSL on Openfire in Windows (in progress)

1. Initial steps

Add the bin folder of the JDK installation to the Path environment variable.

2. Create the certificates (no more required since version 4.0.0)

Open the Admin Console, go to Server Settings -> Server Certificates, and click on the request to restart the server.

Here you will find two certificates. For example, if the Server Name is davide-pc, you will have a certificate with alias davide-pc_rsa and another one with alias davide-pc_dsa.

3. Extract the certificate of the server

In the command line (Run as administrator), go to Openfire installation dir\resources\security and run the command below (the sudo prefix applies to Linux; in an elevated Windows prompt it is not needed)

sudo keytool -export -alias [alias rsa] -keystore keystore -rfc -file pub.cer

where [alias rsa] must be replaced with the name of the RSA alias shown in the Admin Console. In this example, the command is

sudo keytool -export -alias davide-pc_rsa -keystore keystore -rfc -file pub.cer

The password is: changeit

4. Import the certificate into the Java keystore

If more than one JRE/JDK is installed on the client machine, you have two alternatives to make sure that your client is able to connect:

  • You can execute this step for every Java installation
  • You can check which JVM you are using (e.g. in Eclipse, Window -> Preferences -> Java -> Installed JREs shows which JRE is checked) and execute this step only for that location

On the client machine, copy the pub.cer file to this location: JRE_HOME\lib\security (for example, if you are using a JDK to compile your program, on Windows it can be C:\Program Files\Java\jdk1.8.0_45\jre\lib\security or C:\Program Files\Java\jdk-11.0.1\lib\security\, and on Linux /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security or /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security)

In the command line (it has to be launched as Administrator), go to the same location and run the command below (the sudo prefix applies to Linux; in an elevated Windows prompt it is not needed)

sudo keytool -importcert -J-Duser.language=en -trustcacerts -file pub.cer -alias [alias rsa] -keystore cacerts

where [alias rsa] must be replaced with the name of the RSA alias shown in the Admin Console. In this example, the command is

sudo keytool -importcert -J-Duser.language=en -trustcacerts -file pub.cer -alias davide-pc_rsa -keystore cacerts

The password is changeit. Answer yes (in the language used by the text shown in the command line) when the prompt asks "Trust this certificate?"
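
Step 4 adds pub.cer to the JVM-wide cacerts trust store, so it is worth confirming that the file copied to the client is the one exported in step 3. The following is an added example, not part of the original page: a Python helper that computes the SHA-256 fingerprint of the -rfc (PEM) file in the colon-separated form keytool prints, for comparison with the value shown by keytool -printcert -file pub.cer on the server. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

# keytool -rfc writes the certificate as PEM: base64 DER between these markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def fingerprint_sha256(pem_text):
    """Return the SHA-256 fingerprint of the single certificate in pem_text,
    formatted like keytool (uppercase hex pairs separated by colons)."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        # An extra certificate appended to the file must not go unnoticed.
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_expected(pem_text, expected):
    """Compare with the hex fingerprint read on the server, ignoring case,
    colons and spaces in the expected value."""
    normalized = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    actual = fingerprint_sha256(pem_text).replace(":", "")
    return hmac.compare_digest(actual, normalized)


# Constructed sample: placeholder bytes, not a real certificate, wrapped the
# way a PEM file wraps DER data (CRLF line endings as written on Windows).
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate" * 3
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM = "\r\n".join(
    ["-----BEGIN CERTIFICATE-----"]
    + [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
    + ["-----END CERTIFICATE-----", ""]
)

if __name__ == "__main__":
    # Usage: python check_cert.py pub.cer "<SHA256 hex fingerprint from the server>"
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="ascii") as fh:
            ok = matches_expected(fh.read(), sys.argv[2])
        print("fingerprint matches" if ok else "MISMATCH: do not import")
        sys.exit(0 if ok else 1)
    print(fingerprint_sha256(SAMPLE_PEM))
```

Pass only the hex value of the fingerprint as the second argument, without the "SHA256:" label, and run the import in step 4 only when the script reports a match.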