Improve Certificate Store Management


In Openfire 4.0.0, certificate store management was modified extensively.

Some users report issues while upgrading from an older version of Openfire.

Also, the admin console lacks update functionality.




Guus der Kinderen
January 25, 2016, 10:47 AM

All changes from pull requests mentioned in this issue have been applied. Most of them will be part of both the 4.0.1 as well as the 4.1.0 release, with the exception of the SHA-1 to SHA-2 upgrade (which is a significant upgrade, which shouldn't go into a patch release but only in a normal release).

PR/commit details

Guus der Kinderen
January 19, 2016, 10:39 AM

Various improvements, including:

  • creation of certificates with SHA-2 signatures

  • use of the new Bouncy Castle API for creating certificates

  • reactivating the signing request feature

  • some bug fixes

Guus der Kinderen
January 19, 2016, 10:38 AM

is intended to make Openfire more resilient against unexpected configuration properties, and re-enables changes through the admin console.

Guus der Kinderen
January 18, 2016, 11:22 AM

introduces the option of having distinct sets of certificate stores for various connection types in Openfire. The default behavior causes the original (pre-Openfire 4.0.0) stores to be used when no others are detected.

The issues reported by users that upgrade from Openfire 3 appear to relate to instances in which the default password of the keystore has been updated, but not its location. Openfire 4.0.0 does not appear to pick this up, and assumes that all defaults (including the password) are to be used. This causes issues, which are amplified by a poor visualization of this problem in the Admin Console.


