Finish import-certificate.jsp page

Description

We need to finish import-certificate.jsp and make it official. Pending tasks are:
1) Let admins paste the certificate chain. This could be done in the same textarea where the signed certificate is pasted or in a new textarea.
2) Let admins import root certificates to the truststore. We need to support this so that root certificates in the chain can be trusted.
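
An added example (not Openfire's own code) of the two pending tasks in Java: it orders a pasted PEM bundle from leaf to root, verifies each signature link, and stores the self-signed root in a JKS truststore. The class name, argument order and alias are assumptions, and the bundle is assumed to contain only certificates.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.*;
public class ImportChainRoot {
    // Parses a PEM bundle, orders it leaf -> root and verifies every signature link.
    static List<X509Certificate> orderChain(InputStream pem) throws Exception {
        List<X509Certificate> pool = new ArrayList<>();
        for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(pem))
            pool.add((X509Certificate) c);
        X509Certificate current = null;
        for (X509Certificate c : pool) {   // the leaf is the one cert that issued no other cert
            boolean issuesOther = false;
            for (X509Certificate o : pool)
                if (!o.equals(c) && o.getIssuerX500Principal().equals(c.getSubjectX500Principal())) issuesOther = true;
            if (!issuesOther && current != null) throw new CertificateException("more than one leaf in bundle");
            if (!issuesOther) current = c;
        }
        if (current == null) throw new CertificateException("no leaf certificate found");
        List<X509Certificate> chain = new ArrayList<>();
        while (current != null) {
            chain.add(current);
            pool.remove(current);
            X509Certificate issuer = null;
            for (X509Certificate c : pool)
                if (c.getSubjectX500Principal().equals(current.getIssuerX500Principal())) issuer = c;
            if (issuer != null) current.verify(issuer.getPublicKey());   // throws on a bad link
            current = issuer;
        }
        if (!pool.isEmpty()) throw new CertificateException(pool.size() + " certificate(s) not part of the chain");
        return chain;
    }
    // Assumed usage: java ImportChainRoot <bundle.pem> <truststore.jks> <password> <alias>
    public static void main(String[] args) throws Exception {
        List<X509Certificate> chain;
        try (InputStream in = new FileInputStream(args[0])) { chain = orderChain(in); }
        X509Certificate root = chain.get(chain.size() - 1);
        if (!root.getIssuerX500Principal().equals(root.getSubjectX500Principal()))
            throw new CertificateException("missing issuer: " + root.getIssuerX500Principal());
        root.verify(root.getPublicKey());   // self-signature must hold
        byte[] fp = MessageDigest.getInstance("SHA-256").digest(root.getEncoded());
        // Fingerprint is printed so it can be compared with the CA's published value.
        System.out.println(root.getSubjectX500Principal() + " sha256=" + String.format("%064x", new java.math.BigInteger(1, fp)));
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new File(args[1]).exists() ? new FileInputStream(args[1]) : null) { ts.load(in, args[2].toCharArray()); }
        ts.setCertificateEntry(args[3], root);
        try (OutputStream out = new FileOutputStream(args[1])) { ts.store(out, args[2].toCharArray()); }
    }
}
```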

Environment

None

Activity

Erik Dykema
April 24, 2009, 5:31 AM

Hi-
As of 4/23/09, this still isn't quite working yet. Per the description: "1) Let admins paste the certificate chain", I'm not able to import a certificate / chain.
I did the following:

1) Create a private key & CSR using OpenSSL (PEM format)
2) Had my CSR signed by the CA (GoDaddy)
3) Installed the key & cert into my webserver (apache2, same machine), to make sure the key & cert work.
4) Attempted to copy & paste the PEM key & PEM cert into openfire (Failed b/c of chain).

Then, I tried to do the following:
5) Use keytool to import the intermediate GoDaddy certs into the /etc/openfire/security/truststore (OK)
6) Add the certs via the admin interface (fail)

Then, I tried to do the following:
7) Use a 3rd party java program called ImportKey to create a "keystore" containing the key & certificate (OK)
8) Gave it the same default password (changeit)
9) Restarted Openfire.
10) Error messages via the admin web interface. Tried to connect anyway, no dice.

I realize this is a bug with the import-certificate page, and not really a bug on the finish-import-certificate page task, but I couldn't figure out how to create new tasks with this bug tracker.

Nick Barkas
April 18, 2007, 8:26 AM

Thanks Gaston. The certificate was created with OpenSSL, but I'll try out Keyman and see if it can help me out.

Gaston Dombiak
April 11, 2007, 1:15 AM

Hey Nick, you can certainly do that using command tools or Java truststore keytools like Keyman (http://www.alphaworks.ibm.com/tech/keyman). If certs were created with openssl then things could get a bit tricky but it is still possible to import cert chains.

Nick Barkas
April 10, 2007, 12:42 PM

Is there currently any way to import chained certificates into Openfire? I see that it isn't possible with import-certificate.jsp yet, but I'm wondering if I can do it with a keytool or something. I have a chained certificate I'd like to use now, if possible.

Fixed

Assignee

Gaston Dombiak

Reporter

Gaston Dombiak