We are using using openfire at our university for internal IT communication. We have purchased a signed ssl cert from ipsca.com (they provide free certs for educational institutions.
I ordered two signed certifications to them, an rsa cert and a dsa cert. Both were generated from within the server certification page in the openfire admin console. The CSR requests provided was the two “-----BEGIN NEW CERTIFICATE REQUEST----- … -----END NEW CERTIFICATE REQUEST-----” blocks on the server certificate page.
Problems started once I tried to import the signed cert from ipsca.com Pasting the key into the openfire web interface only produced errors (I am unable to provide the errors, due to reasons explained below). Using keytool, I extracted the two certificates in openfires keystore (openfire/resources/security/keystore) for backup purposes. I then used keytool to import ipsca’s root and intermediate cert into openfire’s keystore. At this point I was able to successfully import the signed certificate with keytool into the keystore.
After restarting openfire, the ssl admin webpage is using the signed cert. Viewing the cert verifies the hierarchy is correct, and all details are correct. Connecting to the jabber server with an ssl capable client also indicates SSL is working.
The problem is accessing the ‘Server Certificates’ admin page. When I try to access the page, I an greeted with
Exception:
java.security.InvalidKeyException: Supplied key (null) is not a RSAPrivateKey instance
[Trace]