Improve Certificate Store Management

Description

In Openfire 4.0.0, certificate store management was modified extensively.

Some users report issues while upgrading from an older version of Openfire.

Also, the admin console lacks update functionality.

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Guus der Kinderen
January 18, 2016, 11:22 AM

introduces the option of having distinct sets of certificate stores for various connection types in Openfire. The default behavior causes the original (pre-Openfire 4.0.0) stores to be used when no others are detected.

The issues reported by users that upgrade from Openfire 3 appear to relate to instances in which the default password of the keystore has been updated, but not it's location. Openfire 4.0.0 does not appear to this up, and assumes that all defaults (including the password) is to be used. This causes issues, which are amplified by a poor visualization of this problem in the Admin Console.

Guus der Kinderen
January 19, 2016, 10:38 AM

https://github.com/igniterealtime/Openfire/pull/515 is intended to make Openfire more resilient against unexpected configuration properties, and re-enables changes through the admin console.

Guus der Kinderen
January 19, 2016, 10:39 AM

https://github.com/igniterealtime/Openfire/pull/514 Various improvements, including:

  • creation of certificates with SHA-2 signatures

  • use of the new Bouncy Castle API for create certificates

  • reactivating the signing request feature

  • some bug fixes

Guus der Kinderen
January 25, 2016, 10:47 AM

All changes from pull requests mentioned in this issue have been applied. Most of them will be part of both the 4.0.1 as well as the 4.1.0 release, with the exception of the SHA-1 to SHA-2 upgrade (which is a significant upgrade, which shouldn't go into a patch release but only in a normal release).

PR/commit details

Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Fix versions

Affects versions

Priority

Major
Configure