[Bug 592836] SSL certificate for jabber.gnome.org invalid, clients cannot connect

From: "sysadmin" (bugzilla.gnome.org) <bugzilla gnome org>
To: gnome-infrastructure gnome org
Subject: [Bug 592836] SSL certificate for jabber.gnome.org invalid, clients cannot connect
Date: Wed, 3 Mar 2010 22:15:57 +0000 (UTC)

https://bugzilla.gnome.org/show_bug.cgi?id=592836
  sysadmin | Other | unspecified

Olav Vitters <bugzilla-gnome> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #8 from Olav Vitters <bugzilla-gnome vitters nl> 2010-03-03 22:15:53 UTC ---
Created an private and certificate file. This cannot be imported using keytool,
nor with the openfire web interface.


Instructions:
Name the private file key.pem
Name the certificate file cert.pem

Run:
openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

In ImportKey.java (taken from http://www.agentbob.info/agentbob/79-AB.html),
change
> String keypass = "importkey"
to
> String keypass = "changeit"

and
> String defaultalias = "importkey";
to
> String defaultalias = "jabber.gnome.org";

Run:
/opt/openfire/jre/bin/java ImportKey key.der cert.der
# This creates ~/keystore.ImportKey
/etc/init.d/openfire stop
mv ~/keystore.ImportKey /opt/openfire/resources/security/keystore
/etc/init.d/openfire start


WARNING: /usr/bin/keytool on label is the GNU version. Use one supplied with
Openfire /opt/openfire/jre/bin/keytool instead! The GNU version cannot read the
file produced by Openfire.


Oh, and to get admin rights on Openfire:
/etc/init.d/openfire stop
vim /opt/openfire/embedded-db/openfire.script

Search for:
> INSERT INTO OFPROPERTY VALUES('admin.authorizedJIDs','admin gnome org,jdub gnome org,ovitters gnome org')
change it appropriately.

then:
/etc/init.d/openfire start

Seems Openfire is configured to read in those SQL statements into a memory
database (HSQL).


Btw: Certificate seems to work, maybe missed something. Pidgin didn't accept it
by default though.

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]