Once the information is updated, click the Import button that is right above the self-signed certificates in Openfire. This will take you to a import form.<\/p>\n

The passphrase by default should be changeit<\/p>\n

In the second field, copy the contents of the .key file we created in OpenSSL that should be in the bin folder and paste it there.<\/p>\n

In the third field, copy the contents of the fullcert.txt file we made and paste there. Hit save and your cert should import. Restart openfire.<\/p>\n<\/div>\n

This is a general how-to on the subject matter. A few other things you may need to do: insert root and intermediate certificated depending on your CA. This can be done in the java keytool.<\/p>\n

I did not delete the self-signed certificate but it should not cause an issue if they are removed.<\/p>","step":[{"@type":"HowToStep","name":"Download and Install OpenSSL-Win32","text":"\nWindows binary can be located here.\n\nhttp://slproweb.com/products/Win32OpenSSL.html"},{"@type":"HowToStep","name":"Generate a Private Key","text":"\nOpen a command prompt and navigate to your OpenSSL\\bin folder.\n\nCommand: openssl genrsa -out your.domain.com.key 2048"},{"@type":"HowToStep","name":"Generate CSR","text":"\nopenssl req -out your.domain.com.csr -key your.domain.com.key -new"},{"@type":"HowToStep","name":"Fill out Information","text":"\nFill in the prompted fields (State, Locality, ON, OU) For the common name, make sure to put your domain that you are trying to secure. For a wildcard, use *.domain.com\n\nYou can leave the rest blank after that."},{"@type":"HowToStep","name":"Copy CSR","text":"\nIn the bin folder you will now see a file for your csr and one for you private key. Copy the contents of the CSR and paste it into your SSL provder CSR request form."},{"@type":"HowToStep","name":"Configure your Cert","text":"\nOnce your receive your cert from the vendor. Open your .crt file. You should also have a .bundle file. Copy the contents of the .bundle file and paste it directly beneath the contents of your .crt file. Save it as a new file. Something like fullcert.txt"},{"@type":"HowToStep","name":"Update Information","text":"\nLogin to your openfire console. Browse to Server settings and then Server certificates. At the bottom you should see a place to update the CSR issue information. Update that with the same information you used to generate the CSR in openSSL"},{"@type":"HowToStep","name":"Insert the Cert","text":"\nOnce the information is updated, click the Import button that is right above the self-signed certificates in Openfire. This will take you to a import form.\n\nThe passphrase by default should be changeit\n\nIn the second field, copy the contents of the .key file we created in OpenSSL that should be in the bin folder and paste it there.\n\nIn the third field, copy the contents of the fullcert.txt file we made and paste there. Hit save and your cert should import. Restart openfire."}]}