{"id":25,"date":"2016-07-31T16:36:00","date_gmt":"2016-07-31T16:36:00","guid":{"rendered":""},"modified":"2021-02-22T01:12:59","modified_gmt":"2021-02-22T01:12:59","slug":"installing-signed-ssl-certificate-on-openfire","status":"publish","type":"post","link":"https:\/\/www.tech-and-dev.com\/blog\/2016\/07\/installing-signed-ssl-certificate-on-openfire.html","title":{"rendered":"Installing a Signed SSL Certificate For Openfire 4 on CentOS"},"content":{"rendered":"
\n
\"Openfire<\/a><\/div>\n

Openfire is a real time collaboration application server written in Java.<\/p>\n

Checking Installed Certificates<\/h2>\n

To check for the installed certificates, run the following command:<\/p>\n

\/opt\/openfire\/jre\/bin\/keytool -list -v -keystore \/opt\/openfire\/resources\/security\/keystore<\/pre>\n
 <\/p>\n
<\/div>\n
<\/div>\n
<\/div>\n
\n
The default password is changeit<\/b><\/p>\n
<\/a><\/p>\n<\/div>\n
\n
Working in Keystore Directory<\/h2>\n<\/div>\n
Change the path to the keystore directory.<\/div>\n
\n
cd \/opt\/openfire\/resources\/security\/keystore<\/pre>\n
Generate a Private Key<\/h2>\n
keytool -genkey -alias yourhostname.com <\/span>-keysize 2048 -keyalg RSA -keystore keystore<\/pre>\n<\/div>\n
\n
where yourhostname.com<\/span> is the hostname that you will be accessing the server from (example: example.com or yourhostname.com)<\/p>\n
Generate a 2048 bit CSR<\/h2>\n
keytool -certreq -file sslcert -alias yourhostname.com -keysize 2048 -keyalg RSA -keystore keystore<\/pre>\n
Submit the CSR to the CA<\/h2>\n<\/div>\n
Use the following command to open the CSR:<\/div>\n
\n
vi sslcert<\/pre>\n<\/div>\n
Copy and paste the content (called CSR) and submit it to the CA to verify the CSR (Example Godaddy, Thawte, Verisign…) and Sign the SSL<\/div>\n
<\/div>\n
\n
Upload the Certificates<\/h2>\n<\/div>\n
After the CA approves and sign your SSL, download the ceritificates, you should have the signed certificate as well as the root CA and trust\u00a0 CA<\/div>\n
<\/div>\n
Open the certificates you have downloaded from the CA, and open them in a text editor (like notepad or gedit).<\/div>\n
<\/div>\n
On the server, create the signed cert, root cert and trustCA cert and paste the content from the text editor<\/div>\n
\n
vi rootCert<\/pre>\n<\/div>\n
\n
vi trustCert<\/pre>\n<\/div>\n
\n
vi signedCert<\/pre>\n<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
\n
 <\/p>\n
Import the SSLs in the following order:<\/h2>\n
 <\/p>\n
keytool -import -trustcacerts -alias root -file rootCert -keystore keystore<\/pre>\n
 <\/p>\n
keytool -import -trustcacerts -alias root_ca -file trustCert -keystore keystore<\/pre>\n
 <\/p>\n
keytool -import -keystore keystore -alias yourhost.com -file signedCert<\/pre>\n
Delete the default old certs:<\/h2>\n
keytool -delete -keystore keystore -alias yourhost.com_rsa\r\nkeytool -delete -keystore keystore -alias yourhost.com_dsa<\/pre>\n
Restart Openfire for changes to take effects<\/h2>\n
service openfire restart<\/pre>\n<\/div>\n
<\/div>\n
<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Openfire is a real time collaboration application server written in Java. Checking Installed Certificates To check for the installed certificates, run the following command: \/opt\/openfire\/jre\/bin\/keytool -list -v -keystore \/opt\/openfire\/resources\/security\/keystore   The default password is changeit Working in Keystore Directory Change the path to the keystore directory. cd \/opt\/openfire\/resources\/security\/keystore Generate a Private Key keytool -genkey -alias […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[17,6,35],"tags":[],"class_list":["post-25","post","type-post","status-publish","format-standard","hentry","category-centos","category-linux","category-openfire"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":2,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/25\/revisions"}],"predecessor-version":[{"id":362,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/25\/revisions\/362"}],"wp:attachment":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/media?parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/categories?post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/tags?post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}