Fix generating of the self-signed certificates after truststore deletion


After deletion (accidental or not) of the resources/security folder, Openfire shows a red icon with a white cross in the Admin Console. If one goes to the Server Certificates page and generates new self-signed certificates, the HTTP server restarts and everything looks fine until the next server restart. The Openfire launcher gives errors such as:
at org.jivesoftware.openfire.admin.ssl_002dcertificates_jsp._jspService(
at org.apache.jasper.runtime.HttpJspBase.service(
at javax.servlet.http.HttpServlet.service(
at org.mortbay.jetty.servlet.ServletHolder.handle(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(
at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(
at org.jivesoftware.util.LocaleFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(
at org.jivesoftware.admin.PluginFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(
at org.jivesoftware.admin.AuthCheckFilter.doFilter(
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(
at org.mortbay.jetty.servlet.ServletHandler.handle(
at org.mortbay.jetty.servlet.SessionHandler.handle(
at org.mortbay.jetty.handler.ContextHandler.handle(
at org.mortbay.jetty.webapp.WebAppContext.handle(
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(
at org.mortbay.jetty.handler.HandlerCollection.handle(
at org.mortbay.jetty.handler.HandlerWrapper.handle(
at org.mortbay.jetty.Server.handle(
at org.mortbay.jetty.HttpConnection.handleRequest(
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(
at org.mortbay.jetty.HttpParser.parseNext(
at org.mortbay.jetty.HttpParser.parseAvailable(
at org.mortbay.jetty.HttpConnection.handle(
at org.mortbay.thread.QueuedThreadPool$




Guenther Niess
January 26, 2010, 3:49 PM

After installation of openSUSE 11.2 I also had problems with saving the self-signed keys, but in the SUSE build log I see that the keystore is only a link to the client truststore. If I remove that link and use a separate file for the keystore, it works. I don't know what script builds SUSE's RPM package, but in my opinion this script should be fixed.

Peter Nixon
January 26, 2010, 3:58 PM

Hi Guenther

You are correct. This solves the problem for me also. I will have a look at why the package has this in a little bit and see about fixing it. Thanks for your help.

Peter Nixon
January 26, 2010, 4:28 PM

OK. It appears that the problem is caused by the %fdupes macro which had been configured to always use softlinks to avoid cross partition problems as suggested at:

For now I have disabled %fdupes completely. New packages should be on the mirrors shortly.

Is there an easy way to make the default key stores "different" at build time?

Guenther Niess
January 31, 2010, 8:22 AM

Hmm, I've doubts that my fix was so ideal. I think we should at least warn the admin that all root certs were deleted before or after we generate an empty truststore. I'll write a patch which shows a warning in the admin console.

Guenther Niess
February 1, 2010, 3:27 PM

Ok, finally I've separated loading of the keystore and S2S truststore. Since we can't generate the root certs for the S2S truststore I think we shouldn't try to generate any S2S truststore.
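
The packaging condition described in the comments above (the keystore being only a link to the client truststore after %fdupes replaced duplicates with softlinks) can be checked on an installed system. The following is an added example, not part of the original thread or of Openfire or its RPM packaging; the function name, the output labels and the path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report store files in a security directory that are symlinks
# or that share one underlying file (soft or hard link), so that writing one
# store cannot silently overwrite another.
#
# Usage (path prefix is a placeholder):
#   find_linked_stores /path/to/openfire/resources/security
#
# Returns 0 if every entry is a separate file, 1 if any finding was printed,
# 2 if the directory does not exist.
find_linked_stores() {
    dir=$1
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    findings=0
    for a in "$dir"/*; do
        # Skip the unexpanded glob of an empty directory.
        [ -e "$a" ] || [ -L "$a" ] || continue
        if [ -L "$a" ]; then
            echo "SYMLINK $a"
            findings=$((findings + 1))
        fi
        # Compare each entry only with the entries that sort after it,
        # so every pair is reported once.
        seen=0
        for b in "$dir"/*; do
            if [ "$a" = "$b" ]; then
                seen=1
                continue
            fi
            [ "$seen" -eq 1 ] || continue
            # -ef is true when both paths resolve to the same device and inode.
            if [ "$a" -ef "$b" ]; then
                echo "SHARED $a $b"
                findings=$((findings + 1))
            fi
        done
    done
    [ "$findings" -eq 0 ]
}
```

A `SHARED` line for the keystore and a truststore is the situation Guenther fixed by removing the link and using a separate file.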



