Improve Certificate Store Management
In Openfire 4.0.0, certificate store management was modified extensively.
Some users report issues while upgrading from an older version of Openfire.
Also, the admin console lacks update functionality.
All changes from pull requests mentioned in this issue have been applied. Most of them will be part of both the 4.0.1 as well as the 4.1.0 release, with the exception of the SHA-1 to SHA-2 upgrade (which is a significant upgrade, which shouldn't go into a patch release but only in a normal release).
https://github.com/igniterealtime/Openfire/pull/515 was merged without changes. Merged with master as well as with 4.0 branch.
From https://github.com/igniterealtime/Openfire/pull/514 I have created new pull requests that, combined, contain all of the commits from this pull request:
https://github.com/igniterealtime/Openfire/pull/526 contains most commits, with an additional commit that restores the 5-year-validity for self-signed certificates. Merged with master as well as with 4.0 branch.
https://github.com/igniterealtime/Openfire/pull/527 contains the commit that replaces SHA-1 with SHA-2. Although desirable, we shouldn't have such a change in a patch release. Merged with master only.
https://github.com/igniterealtime/Openfire/pull/514 Various improvements, including:
creation of certificates with SHA-2 signatures
use of the new Bouncy Castle API for create certificates
reactivating the signing request feature
some bug fixes
introduces the option of having distinct sets of certificate stores for various connection types in Openfire. The default behavior causes the original (pre-Openfire 4.0.0) stores to be used when no others are detected.
The issues reported by users that upgrade from Openfire 3 appear to relate to instances in which the default password of the keystore has been updated, but not it's location. Openfire 4.0.0 does not appear to this up, and assumes that all defaults (including the password) is to be used. This causes issues, which are amplified by a poor visualization of this problem in the Admin Console.