We're updating the issue view to help you get more done. 

Sync Openfire's truststore with Mozilla's shipped CAs

Description

Need to include letsencrypt CA to support letsencrypt usage by Openfire

Openfire's distributed truststore already has "dst_root_ca_x3", so I have taken the liberty to hijack this ticket to be more general "update truststore" to match what Mozilla provides

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Daryl Herzmann
July 15, 2016, 4:06 PM

dwd's previous commit may just need to be repeated then. I don't have immediate access to the same directory structure

https://github.com/igniterealtime/Openfire/commit/73b591064501533c69961cb6bc534bdcdc736264

dna
July 16, 2016, 8:30 PM

See also

Nathan Neulinger
August 1, 2016, 1:36 PM

FYI - as of JDK/JRE 8u102 - letsencrypt upstream CA is included in the default trust store.

Daryl Herzmann
August 15, 2016, 2:43 PM

So I don't think the latest debian ca-certificates package has letsencrypt CA included, so dwd's approach above won't work in this case (still would be worth doing though). Anyway, while JRE 8 now includes this, openfire does not use it, but provides it own local truststore.

Daryl Herzmann
August 15, 2016, 2:59 PM

Looks like debian is awaiting this https://bugzilla.mozilla.org/show_bug.cgi?id=1204656

Fixed

Assignee

Dave Cridland

Reporter

Daryl Herzmann

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major
Configure