Installing a Signed SSL Certificate For Openfire 4 on CentOS
Openfire is a real-time collaboration application server written in Java.
Checking Installed Certificates
To check for the installed certificates, run the following command:
/opt/openfire/jre/bin/keytool -list -v -keystore /opt/openfire/resources/security/keystore
Working in Keystore Directory
Change to the directory that contains the keystore file.
cd /opt/openfire/resources/security
Generate a Private Key
keytool -genkey -alias yourhostname.com -keysize 2048 -keyalg RSA -keystore keystore
where yourhostname.com is the hostname that you will use to access the server (for example: example.com)
Generate a 2048 bit CSR
keytool -certreq -file sslcert -alias yourhostname.com -keysize 2048 -keyalg RSA -keystore keystore
Submit the CSR to the CA
Use the following command to open the CSR:
vi sslcert
Copy the content of the file (the CSR) and submit it to the CA (for example GoDaddy, Thawte, Verisign…), which verifies the CSR and signs the SSL certificate.
Upload the Certificates
After the CA approves and signs your SSL certificate, download the certificates. You should have the signed certificate as well as the root CA and trust CA certificates.
Open the certificates you have downloaded from the CA in a text editor (like Notepad or gedit).
On the server, create the signed cert, root cert and trustCA cert files and paste in the content from the text editor:
vi rootCert
vi trustCert
vi signedCert
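Import the certificates in the following order. The signed certificate must be imported under the same alias as the private key generated earlier (yourhostname.com); otherwise keytool stores it as a separate trusted certificate instead of attaching it to the key:
keytool -import -trustcacerts -alias root -file rootCert -keystore keystore
keytool -import -trustcacerts -alias root_ca -file trustCert -keystore keystore
keytool -import -keystore keystore -alias yourhostname.com -file signedCert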
Delete the old default certs:
keytool -delete -keystore keystore -alias yourhostname.com_rsa
keytool -delete -keystore keystore -alias yourhostname.com_dsa
Restart Openfire for the changes to take effect
service openfire restart
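To confirm that the import and delete steps left the keystore in the intended state, the verbose listing from the first command can be checked mechanically. The script below is an added example, not part of the original guide: the function name check_listing, the finding labels and the two sample listings are constructed for illustration.

```shell
# Added example (not from the original guide). Audits `keytool -list -v` text.
# Usage: keytool -list -v -keystore keystore | check_listing yourhostname.com
# Prints one line per finding; exit status is 0 only when there are none.
check_listing() {
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13) }
        /^Entry type: /               { type[alias] = $3 }
        /^Certificate chain length: / { chain[alias] = $4 + 0 }
        END {
            bad = 0
            if (!(want in type)) {
                print "MISSING " want; bad = 1
            } else if (type[want] != "PrivateKeyEntry") {
                # Signed cert landed in a trusted entry, not on the key.
                print "NOT-KEY-ENTRY " want; bad = 1
            } else if (chain[want] < 2) {
                # Chain of 1: the self-signed cert from -genkey is still there.
                print "NO-CA-CHAIN " want; bad = 1
            }
            # Default self-signed entries that the delete step should remove.
            n = split("_rsa _dsa", suffix, " ")
            for (i = 1; i <= n; i++) {
                key = want suffix[i]
                if (key in type) { print "STALE " key; bad = 1 }
            }
            exit bad
        }'
}
# Constructed sample listings, trimmed to the fields the check reads.
sample_good() {
cat <<'EOF'
Alias name: yourhostname.com
Entry type: PrivateKeyEntry
Certificate chain length: 3
Alias name: root
Entry type: trustedCertEntry
EOF
}
sample_bad() {
cat <<'EOF'
Alias name: yourhostname.com
Entry type: PrivateKeyEntry
Certificate chain length: 1
Alias name: yourhost.com
Entry type: trustedCertEntry
Alias name: yourhostname.com_rsa
Entry type: PrivateKeyEntry
EOF
}
```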