Create and Apply SSL Certificates for OpenFire XMPP Instant Messaging Server

Channel:

i12bretro

Subscribers:

14,400

Published on January 28, 2022 10:00:20 AM ● Video Link: https://www.youtube.com/watch?v=lz41cEi9fhI

Duration: 4:29

1,249 views

#OpenFire #XMPP #InstantMessaging #SSL

Full steps can be found at https://i12bretro.github.io/tutorials/0133.html

Prerequisites
   - A XCA PKI database https://youtu.be/ezzj3x207lQ

Create Your SSL Certificate
   01. Launch XCA
   02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password
   03. Click on the Certificates tab, right click on your Intermediate CA certificate
   04. Select New
   05. On the Source tab, make sure Use this Certificate for signing is selected
   06. Verify your Intermediate CA certificate is selected from the drop down
   07. Click the Subject tab
   08. Complete the Distinguished Name section
         internalName: chat.i12bretro.local
         countryName: US
         stateOrProvinceName: Virginia
         localityName: Northern
         organizationName: i12bretro
         organizationUnitName: i12bretro Certificate Authority
         commonName: chat.i12bretro.local
   09. Click the Generate a New Key button
   10. Enter a name and set the key size to at least 2048
   11. Click Create
   12. Click on the Extensions tab
   13. Select End Entity from the type list
   14. Click Edit next to Subject Alternative Name
   15. Add any DNS or IP addresses that the certificate will identify
   16. Update the validity dates to fit your needs
   17. Click the Key Usage tab
   18. Under Key Usage select Digital Signature, Key Encipherment
   19. Under Extended Key Usage select Web Server and Web Client Authentication
   20. Click the Netscape tab
   21. Select SSL Server
   22. Click OK to create the certificate

Exporting Required Files
   01. In XCA, click on the Certificates tab
   02. Right click the Root CA certificate ≫ Export ≫ File
   03. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
   04. Click OK
   05. Right click the Intermediate CA certificate ≫ Export ≫ File
   06. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
   07. Click OK
   08. Right click the SSL certificate ≫ Export ≫ File
   09. Set the file name with a .crt extension and verify the export format is PEM (*.crt)
   10. Click OK
   11. Click the Private Keys tab
   12. Right click the private key generated for the SSL certificate ≫ Export ≫ File
   13. Set the file name with a .pk8 extension and verify the export format is PKCS #8 (*.pk8)
   14. Click OK

Applying SSL Certificate to OpenFire
   01. Log into the OpenFire Admin Console
   02. Click the TLS/SSL Certificates tab in the top sub-navigation menu
   03. Click the Manage Store Contents link under Server Trust store (middle option)
   04. Click the import form link
   05. Give the certificate an alias and paste the contents of the exported Root CA .crt file ≫ Click Save
   06. Click the import form link again
   07. Give the certificate an alias and paste the contents of the exported Intermediate CA .crt file ≫ Click Save
   08. Click the TLS/SSL Certificates tab in the top sub-navigation menu
   09. Click the Manage Store Contents link under Identity store (top option)
   10. Click the imported here link
   11. Paste the contents of the exported private key .pk8 file into the private key field
   12. Paste the contents of the exported certificate .crt file into the certificate field
   13. Click Save
   14. Click the delete icon next to the self-signed certificate generated by OpenFire ≫ Click OK to confirm the delete action
   15. Click the TLS/SSL Certificates tab in the top sub-navigation menu
   16. Click the Client Trust Store Contents link under Identity store (bottom option)
   17. Click the import form link
   18. Give the certificate an alias and paste the contents of the exported Root CA .crt file ≫ Click Save
   19. Click the import form link again
   20. Give the certificate an alias and paste the contents of the exported Intermediate CA .crt file ≫ Click Save
   21. Restart the OpenFire service
   22. Once OpenFire has completed started, navigate to https://DNS:9091/ to access the Admin Console over SSL
   23. In the OpenFire Admin Console click on Sessions in the top navigation to view active client connections and their current SSL communication status

At this point instant messaging clients can be switched to require encryption. You may need to import the root and intermediate certificates into the client for the communication to work seemlessly (no prompts). This will vary depending on the IM client in use.

### Connect with me and others ###
★ Discord: https://discord.com/invite/EzenvmSHW8
★ Reddit: https://reddit.com/r/i12bretro
★ Twitter: https://twitter.com/i12bretro

Other Videos By i12bretro

2022-02-10	Use IPTables to Redirect ProxMox HTTPS Web UI Traffic
2022-02-09	Running Apache Guacamole in Docker
2022-02-08	Installing HostMon - Simple Host Monitor and Application Dashboard - on Linux
2022-02-07	Create and Apply SSL Certificates to ProxMox VE Web UI
2022-02-05	Install VMware vSphere ESXi Update Via Command Line
2022-02-03	Dual Boot Windows 10 and Debian Keeping Windows Boot Manager
2022-02-02	Install OBS Studio on Debian/Ubuntu
2022-02-01	Retro Reflective - Episode 3 - Virtual Boy Wario Land on Virtual Boy
2022-01-31	Let's Install Pimox - Proxmox v7 for the Raspberry Pi 4
2022-01-29	Install Uptime Kuma on Linux
2022-01-28	Create and Apply SSL Certificates for OpenFire XMPP Instant Messaging Server
2022-01-27	UPDATE - Installing Batocera v32+ on S905/S905x/S905w/S905d Android TV Boxes
2022-01-26	Portable Windows 11 USB Flash Drive with Rufus and Windows To Go
2022-01-25	Convert VirtualBox VM to VMware ESXi
2022-01-24	Running an ARM64 VM in ProxMox VE
2022-01-22	Install Pi-Hole on Windows 10 Via WSL
2022-01-20	Web Based Active Directory Management with ManageEngine ADManager Plus
2022-01-19	Join VMware vSphere ESXi Host to Active Directory Domain
2022-01-17	Running a MacOS Catalina 10.15 VM in VMware
2022-01-15	Setup Automatic Updates on Debian
2022-01-13	Ubuntu Web Remix Install Guide Using VirtualBox

Tags:

Browser Based

Certificate

Certificate Authority

Certificates

Chat Server

Encryption

Home Lab

Home Lab Ideas

How To

Instant Messager

Instant Messaging

Linux

Office Instant Messenger

OpenFire

OpenFire Server

PKI

Private Key Infrastructure

SSL

SSL Certificates

Secure Communication

Self-Hosted

Self-Signed SSL

System Administration

Tutorial

Web Based

Windows

X Certificate And Key Management

X Certificate Key Manager

XCA

XMPP

i12bretro

Channel	Latest
Whoofzeno	6 hours ago
Spacefish	6 hours ago
JairCraft	6 hours ago
LRR Streams	6 hours ago
FlyingPastaKitty	6 hours ago
Nightblue Music	7 hours ago
OinK Gaming	7 hours ago
SACCAGAMES	7 hours ago
AMIN GAMING NHK75	7 hours ago
THE SAVAGE BEAST / 野蛮な獣 / EL BESTIA SALVAJE	7 hours ago
TGWPIS	7 hours ago
Wot Blitz with Nikolaus	7 hours ago
LUKE1618	7 hours ago
CutiePieSensei	7 hours ago
Larrys Lounge	7 hours ago
Alyzbane	7 hours ago
Fortnite Events	7 hours ago
Gamer News BR	7 hours ago
DreddHound	7 hours ago
Follow That	7 hours ago
Ryan Trahan	7 hours ago
Jelly	7 hours ago
ALEX	7 hours ago
Fancy Dinosaur	7 hours ago
Wirtual Clips	7 hours ago