How to Import SSL Certificates into an Existing Openfire Installation
What is Openfire?
Openfire is a real-time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber).
Step 1: Put the Keys and Certificates:
Put the certificate, the private key and the CA certificate in the /etc/ssl/ directory.
# ll /etc/ssl/
-rw-r--r-- 1 root root 4795 Aug 1 11:39 ca-bundle.crt
-rw-r--r-- 1 root root 1838 Aug 1 11:39 ca-cert.crt
-rw-r--r-- 1 root root 1704 Aug 1 11:39 ca-cert.key
Step 2: Create an Init Script to Run Openfire as a Service:
# vi /etc/init.d/openfire
#!/bin/bash
# description: Openfire Service Status
# processname: openfire
# chkconfig: 234 20 80
OPENFIRE_HOME=/opt/openfire
# Pass the requested action through to Openfire's own control script
case "$1" in
    start)
        sh "$OPENFIRE_HOME/bin/openfire" start
        ;;
    stop)
        sh "$OPENFIRE_HOME/bin/openfire" stop
        ;;
    restart)
        sh "$OPENFIRE_HOME/bin/openfire" restart
        ;;
    status)
        sh "$OPENFIRE_HOME/bin/openfire" status
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac
exit 0
---- save & quit (:wq) ----
# chmod 755 /etc/init.d/openfire
Step 3: Create a Shell Script for Importing the Certificate and Key into the Java Platform:
# vi /mnt/key-import.sh
### Add these lines
JavaDir="/opt/openfire/resources/security" ### Openfire installation directory that stores the imported keys
PASS="changeit" ### Password for the exported PKCS12 file and the Openfire certificate stores
cert="ca-cert" ### Cert name only (without extension)
certdir="/etc/ssl" ### Cert directory
tmp="/root" ### Temporary folder
ca="/etc/ssl/ca-bundle.crt" ### CA cert file
test -e "${JavaDir}/truststore" && rm -f "${JavaDir}/truststore" ### Remove the existing truststore, if any
test -e "${JavaDir}/keystore" && rm -f "${JavaDir}/keystore" ### Remove the existing keystore, if any
service openfire stop
### Build the chain file: server cert first, then the CA bundle
cat "${certdir}/${cert}.crt" "${ca}" > "${tmp}/combined.crt"
### Import the CA cert into the truststore (-noprompt skips the interactive trust confirmation)
keytool -import -noprompt -trustcacerts -storepass "$PASS" -alias "StartSSL Class 2" -file "${ca}" -keystore "${JavaDir}/truststore"
### Bundle the cert chain and private key into a PKCS12 file
openssl pkcs12 -export -in "${tmp}/combined.crt" -inkey "${certdir}/${cert}.key" -out "${tmp}/${cert}.p12" -name "${cert}" -CAfile "${ca}" -passout pass:"${PASS}"
### Import the PKCS12 file into the Openfire keystore
keytool -importkeystore -deststorepass "$PASS" -srcstorepass "$PASS" -destkeystore "${JavaDir}/keystore" -srckeystore "${tmp}/${cert}.p12" -srcstoretype PKCS12 -alias "${cert}"
chmod 640 "${JavaDir}/truststore" "${JavaDir}/keystore"
chown openfire:openfire "${JavaDir}/truststore" "${JavaDir}/keystore"
service openfire start
---- save & quit (:wq) ----
# useradd -s /sbin/nologin openfire
# chown -Rf openfire:openfire /opt/openfire
# chmod -Rf 775 /opt/openfire
# vi /etc/sudoers
### Add at the end of the file
openfire ALL=(ALL) NOPASSWD:ALL
---- save & quit (:wq) ----
N.B.: Once the openfire user has been created, run the key import script; the keys will then be imported into Openfire.
# sh /mnt/key-import.sh
# ll /opt/openfire/resources/security
-rw-r----- 1 openfire openfire 6117 Aug 1 12:35 keystore
-rw-r----- 1 openfire openfire 1309 Aug 1 12:35 truststore
Step 4: Now Log in to the Openfire Admin Panel and Do the Rest:
http://<server-ip>:9090
User: admin
Pass: password
Click on TLS/SSL Certificates --> enter the password used in the script in every password field, one by one --> Save Settings (one by one) --> Done.
Step 5: Log in to the Server via SSH, Shut Down Openfire Properly and Then Start It Again:
# service openfire stop
# ps -ef | grep java
## Kill all the Processes that are running for Java
# kill -9 <PID>
Then start Openfire again:
# service openfire start
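A pre-flight check for the Step 1 files, to run before the Step 3 import script, as an added example that is not part of the original article: it confirms that the certificate and private key belong together, that the certificate is not about to expire, and that the key file is closed to group and other (the mode -rw-r--r-- shown for ca-cert.key in the Step 1 listing would fail this check). The function names, the file name preflight.sh and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: pre-flight checks on the
# inputs of /mnt/key-import.sh. All function names here are hypothetical.

# cert_matches_key CERT KEY: succeeds only if both hold the same public key.
# Assumes an unencrypted PEM key, as the import script does.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_valid_for CERT DAYS: succeeds if CERT is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# key_is_private FILE: succeeds only if group and other have no permission
# bits (characters 5-10 of the ls mode string are all "-").
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# preflight CERT KEY: run every check, report each failure, return 1 on any.
preflight() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $2 is not the key for $1" >&2; rc=1; }
    cert_valid_for "$1" 30 || { echo "FAIL: $1 is invalid or expires within 30 days" >&2; rc=1; }
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group/other" >&2; rc=1; }
    return "$rc"
}

# Usage: sh preflight.sh /etc/ssl/ca-cert.crt /etc/ssl/ca-cert.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit status means at least one check failed; each failure is reported on stderr.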