Many years ago, when I started adding certificate management to Openfire, I couldn't stop thinking about how complex the topic was. Moreover, I suspected that the lack of information about certificate management was on purpose, a way to keep certificates "secure".


Even though I do not consider myself an expert in security, and in certificates in particular, I think I have finally understood the different ways certificates can be created, signed by a Certificate Authority (CA) and finally imported into your application. Basically there are two ways to achieve this, and fortunately the XMPP Federation, through its CA services, supports both of them.


Create your certificate and ask a CA to sign it


In this case you create a certificate from the Openfire admin console and then ask Openfire to generate a Certificate Signing Request (CSR), which is sent to the CA; the private key is generated on your server and never leaves it, only the CSR does. Certificate Authorities usually have a web site into which you paste the CSR. If you are using the XMPP Federation services, choose the menu option Server Certificate (Without CSR generation). After the CA has verified the certificate data and the identity behind the request, you will receive a signed certificate that you need to import into Openfire from the admin console.


The CA creates a certificate for you and signs it


In this case almost the entire process happens on the CA's web site, and the administrator only needs to import the signed certificate into Openfire. If you are using the XMPP Federation services, choose the menu option Server Certificate (With CSR generation) and then provide a pass phrase to create the certificate and its private key. After the data has been validated you will receive a signed certificate. The last step is to paste the pass phrase, private key and signed certificate into the import certificate page in Openfire, and voila.


As of Openfire 3.4.2 you can choose the certificate management option that best fits you and follow the entire process from the admin console, saying goodbye to the cumbersome command line tools. If you are using Openfire 3.4.1 or older, only the first option is supported.
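The first flow above, done by hand with openssl so the artifacts can be inspected before they are pasted into the admin console. This is an added example, not Openfire's own code or anything the XMPP Federation CA runs: the CA is a throwaway self-signed root constructed inline, and the domain and working directory are assumed values. The final two checks (the signed certificate belongs to the private key you are about to import with it, and it names your XMPP domain) apply equally to the second flow, where the CA hands you both the key and the certificate.

```shell
#!/bin/sh
# Added example: Openfire's CSR flow reproduced with openssl, plus the checks
# worth running on any key/certificate pair before importing it.
set -eu
WORK="${WORK:-$(mktemp -d)}"          # assumed scratch directory
DOMAIN="${DOMAIN:-xmpp.example.org}"  # assumed XMPP domain, constructed value

# Step 1 (server side): generate the private key and a CSR that names the XMPP
# domain in both the subject CN and a DNS subjectAltName. Only server.csr is
# sent anywhere; server.key stays on this host.
make_csr() {
  openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
  openssl req -new -key "$WORK/server.key" -out "$WORK/server.csr" \
    -subj "/CN=$DOMAIN" -addext "subjectAltName=DNS:$DOMAIN" 2>/dev/null
}

# Step 2 (CA side, simulated): a constructed self-signed test root signs the
# CSR. A real CA verifies the request before doing this; here it is immediate.
ca_sign_csr() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
    -out "$WORK/ca.crt" -days 30 -subj "/CN=Constructed Test CA" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$DOMAIN" > "$WORK/san.cnf"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 30 \
    -extfile "$WORK/san.cnf" -out "$WORK/server.crt" 2>/dev/null
}

# Step 3 (before import): the certificate's public key must equal the public
# key derived from the private key; otherwise the pair cannot serve TLS.
cert_matches_key() {  # args: cert.pem key.pem
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# And the certificate must actually carry the domain Openfire serves, or
# peers federating with it will reject the TLS handshake.
cert_names_domain() {  # args: cert.pem domain
  openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# Usage: run the flow and the two pre-import checks.
make_csr && ca_sign_csr
cert_matches_key "$WORK/server.crt" "$WORK/server.key" && echo "key matches"
cert_names_domain "$WORK/server.crt" "$DOMAIN" && echo "domain present"
```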


You may or may not already be aware that I have been a full time member of the Jive family for a couple of weeks now! It's been quite interesting to see how different it is from my previous job in a university setting. It's been a lot of fun already and it's really exciting to have turned my favorite hobby into a career. =) My coworkers are great and I almost find myself wondering why I didn't do this earlier.


So what am I going to be doing? Well, the development of the IM Gateway plugin is part of my job now. We'll be setting solid goals and release dates instead of it being dependent entirely on my free time. That and Openfire are my main focuses. I'm really excited about playing a more direct role in Openfire development! One of my first tasks will be to improve the unix installers for Openfire. They have been lacking love for a while now and I have a strong unix background to bring to the table. In one of the next releases of Openfire we'll have improved packages, unix scripts, and better support for more operating system distributions. Overall, good things to come! =)


You may have heard that I have taken over as lead developer of Spark. It's been a long time since I have been involved in client development and I actually miss it. My very first XMPP related project was a client. Now, as you've heard from the Ignite Realtime post preceding this one, Spark is a low priority. My focus with it in terms of work with Jive is bug fixes, maintenance, and paying customer requirements. Beyond that, I'll likely be working on it on my own time when I need a change of pace. I am a Mac user primarily, so you may see more Mac focused fixes at first. If nothing else I'm going to make sure Spark is something I enjoy using, which coincides with a lot of things that the community has reported or requested anyway. I highly encourage folks who are interested to submit patches! The only caveat is that for patches of any size, I'll need you to sign contributor agreements, if you haven't already.


Now, since I'm involved in more than just the IM Gateway plugin, I can't keep up with the forums as much as I did before. I try to spend some time each day looking over the forums, but with more than just the single forum, it's too much to keep up with entirely. Dawn is working hard on coming up with good ways to involve the community more and to make sure things don't get missed! She has been speaking on this in the Jive Lounge, so please visit the lounge and contribute if you have some thoughts!


Anyway, I wanted to make sure folks understood that my role has changed, and to wave hi from within Jive! =) Any questions?
