Sync Openfire's truststore with Mozilla's shipped CAs

Description

Need to include letsencrypt CA to support letsencrypt usage by Openfire

Openfire's distributed truststore already has "dst_root_ca_x3", so I have taken the liberty to hijack this ticket to be a more general "update truststore" to match what Mozilla provides.

Environment

None

Activity

Daryl Herzmann
August 15, 2016, 2:59 PM

Looks like Debian is awaiting this: https://bugzilla.mozilla.org/show_bug.cgi?id=1204656

Daryl Herzmann
August 15, 2016, 2:43 PM

So I don't think the latest Debian ca-certificates package has the letsencrypt CA included, so dwd's approach above won't work in this case (still would be worth doing though). Anyway, while JRE 8 now includes this, Openfire does not use it, but provides its own local truststore.

Nathan Neulinger
August 1, 2016, 1:36 PM

FYI - as of JDK/JRE 8u102 - letsencrypt upstream CA is included in the default trust store.

dna
July 16, 2016, 8:30 PM

See also

Daryl Herzmann
July 15, 2016, 4:06 PM

dwd's previous commit may just need to be repeated then. I don't have immediate access to the same directory structure.

https://github.com/igniterealtime/Openfire/commit/73b591064501533c69961cb6bc534bdcdc736264

Fixed

Assignee

Dave Cridland

Reporter

Daryl Herzmann