Finish import-certificate.jsp page

Description

We need to finish import-certificate.jsp and make it official. Pending tasks are:
1) Let admins paste the certificate chain. This could be done in the same textarea where the signed certificate is pasted or in a new textarea.
2) Let admins import root certificates to the truststore. We need to support this so that root certificates in the chain can be trusted.

Environment

None

Acceptance Test - Entry

None

Activity

Nick Barkas
April 10, 2007, 12:42 PM

Is there currently any way to import chained certificates into Openfire? I see that it isn't possible with import-certificate.jsp yet, but I'm wondering if I can do it with a keytool or something. I have a chained certificate I'd like to use now, if possible.

Gaston Dombiak
April 11, 2007, 1:15 AM

Hey Nick, you can certainly do that using command tools or Java truststore keytools like Keyman (http://www.alphaworks.ibm.com/tech/keyman). If certs were created with openssl then things could get a bit tricky but it is still possible to import cert chains.

Nick Barkas
April 18, 2007, 8:26 AM

Thanks Gaston. The certificate was created with OpenSSL, but I'll try out Keyman and see if it can help me out.

Erik Dykema
April 24, 2009, 5:31 AM

Hi-
As of 4/23/09, this still isn't quite working yet. Per the description: "1) Let admins paste the certificate chain", I'm not able to import a certificate / chain.
I did the following:

1) Create a private key & CSR using OpenSSL (PEM format)
2) Had my CSR signed by the CA (GoDaddy)
3) Installed the key & cert into my webserver (apache2, same machine), to make sure the key & cert work.
4) Attempted to copy & paste the PEM key & PEM cert into openfire (Failed b/c of chain).

Then, I tried to do the following:
5) Use keytool to import the intermediate GoDaddy certs into the /etc/openfire/security/truststore (OK)
6) Add the certs via the admin interface (fail)

Then, I tried to do the following:
7) Use a 3rd party java program called ImportKey to create a "keystore" containing the key & certificate (OK)
8) Gave it the same default password (changeit)
9) Restarted Openfire.
10) Error messages via the admin web interface. Tried to connect anyway, no dice.

I realize this is a bug with the import-certificate page, and not really a bug on the finish-import-certificate page task, but I couldn't figure out how to create new tasks with this bug tracker.
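
The command-line route discussed in the comments above, sketched as an added example (not from the thread or from the Openfire project): check that an OpenSSL-made key, certificate and intermediate chain belong together, pack them into one PKCS#12 file, and convert that with `keytool`. The throwaway PKI, the file names, the alias `example` and the destination keystore name are constructed for illustration; `changeit` is the password mentioned in the thread.

```shell
#!/usr/bin/env bash
set -eu

# Constructed throwaway PKI (root -> intermediate -> leaf); stands in for real CA output.
make_test_pki() {  # make_test_pki DIR
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Example Root' \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Example Intermediate' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=xmpp.example.test' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Refuse to bundle unless the key matches the leaf and the chain verifies to the root.
bundle_chain() {  # bundle_chain KEY LEAF INTERMEDIATES ROOT OUT_P12 PASS
  key=$1 leaf=$2 chain=$3 root=$4 out=$5 pass=$6
  [ "$(openssl pkey -in "$key" -pubout)" = "$(openssl x509 -in "$leaf" -noout -pubkey)" ] \
    || { echo "private key does not match certificate" >&2; return 1; }
  openssl verify -CAfile "$root" -untrusted "$chain" "$leaf" >/dev/null 2>&1 \
    || { echo "chain does not verify: intermediate missing or wrong" >&2; return 1; }
  openssl pkcs12 -export -inkey "$key" -in "$leaf" -certfile "$chain" \
    -name example -passout "pass:$pass" -out "$out"
}

p12_cert_count() {  # p12_cert_count P12 PASS -> number of certificates in the bundle
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

to_java_keystore() {  # to_java_keystore P12 DEST PASS (needs the JDK's keytool)
  keytool -importkeystore -noprompt -srckeystore "$1" -srcstoretype PKCS12 \
    -srcstorepass "$3" -destkeystore "$2" -deststorepass "$3"
}

demo() {  # run as: script.sh demo
  d=$(mktemp -d)
  make_test_pki "$d"
  bundle_chain "$d/leaf.key" "$d/leaf.pem" "$d/int.pem" "$d/root.pem" "$d/bundle.p12" changeit
  echo "certificates in bundle: $(p12_cert_count "$d/bundle.p12" changeit)"
  if command -v keytool >/dev/null 2>&1; then
    to_java_keystore "$d/bundle.p12" "$d/keystore" changeit
  fi
}
if [ "${1:-}" = demo ]; then demo; fi
```
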

Assignee

Gaston Dombiak

Reporter

Gaston Dombiak

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major