I've only added certificates by a) using keytool (so to the Java keystore) and b) adding to run-config.sh
I tried to add to Openfire via Openfire's web based admin ui but it always failed to import. As stated initially: Federation with wavesandbox works like a charm for me. But anyway: Are you saying that generally I should have added certificates to Openfire via it's web based admin? If so: Which certificates exactly? Domain, Intermediate or Root? Sent from my iPhone On 05.11.2009, at 02:08, Peter Saint-Andre <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 11/4/09 6:00 PM, James Purser wrote: >> Nicely done. The one thing i haven't done is to add the intermediate >> cert to the key store. Will try shortly > > It sounds to me as if Openfire behaves oddly. Yes, your XMPP server > needs to present the entire certificate chain, but typically that is > done by importing the domain cert + intermediate CA cert into your > XMPP > server, where the root CA cert is known to both your server and the > peer. But if importing the intermediate CA cert into the keystore > works > with Openfire, then let's document the heck out of that and be on our > way. :) > > Peter > > - -- > Peter Saint-Andre > https://stpeter.im/ > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkryJagACgkQNL8k5A2w/vz0vQCfVPodzRWh9rcCjYaEKTRYqwW8 > +qAAoJbjaBTA2MPL3yVuAokb2v0+8+Hd > =tgsd > -----END PGP SIGNATURE----- > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
