We're updating the issue view to help you get more done. 

Certificate Signing Requests are not generated when issuer name matches xmpp domain

Description

Certificate Signing Requests are not generated when issuer name matches xmpp domain. To reproduce this problem create new certificates and then complete the issuer information from the admin console. When entering the Name of the issuer use the XMPP domain of the server. Once saved you will go back to the certificates page but you won't be able to get the CSR information.

Both ssl-signing-request.jsp and ssl-certificates.jsp have a line like this:

// Self-signed certs are certs generated by Openfire whose IssueDN equals SubjectDN
boolean isSelfSigned = c.getSubjectDN().equals(c.getIssuerDN());

The problem is subjectDN was modified for 3.4.2 to be like issuerDN to be accepted by some CAs. We now need to use another logic to find out whether a certificate is self-signed or not. Certificates created by Openfire will use CN=[domain] as the subjectDN and issuerDN. When a CSR is created both fields (subjectDN and issuerDN) are updated to include the meta data (O=,ST=, OU=,etc.).

Environment

None

Acceptance Test - Entry

None

Assignee

Gaston Dombiak

Reporter

Gaston Dombiak

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major
Configure