Davide Conzon edited this page Oct 6, 2019 · 2 revisions

Procedure to enable SSL on Tigase (in progress)

1. Initial steps

Install OpenSSL:

On Linux:

sudo apt-get install openssl

On Windows:

Download and extract it from SourceForge

2. Create the certificates

Using the OpenSSL console, run these commands (on Linux, prefix each one with openssl). The file names are not important; just make sure to set the Common Name of the certificate to the domain of the Tigase server, in the following example test.xyz.it

req -nodes -newkey rsa:2048 -keyout test.xyz.it.key -out test.xyz.it.csr

Complete the requested info with something like:

Country Name (2 letter code) [AU]: IT

State or Province Name (full name) [Some-State]: Italy

Locality Name (eg, city) []: Turin

Organization Name (eg, company) [Internet Widgits Pty Ltd]: ISMB

Organizational Unit Name (eg, section) []: PerT

Common Name (eg, YOUR name) []: test.xyz.it

Email Address []: [email protected]

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:

An optional company name []:

Then create the certificate using the private key, running

x509 -req -days 3650 -in test.xyz.it.csr -signkey test.xyz.it.key -out test.xyz.it.crt

Then concatenate the crt file and the key file into a pem file.

On Linux:

cat test.xyz.it.crt test.xyz.it.key > test.xyz.it.pem

On Windows:

Create the pem file, then copy into it the content of the crt file followed by the content of the key file.

Copy the pem file into the certs folder of the Tigase installation directory and restart Tigase.

4. Import the certificate in Java keystore

If more than one JRE/JDK is installed on the client machine, you have two alternatives to be sure that your client is able to connect:

  • You can execute this step for every Java installation
  • You can check which JVM you are using (e.g., in Eclipse, check which JRE is selected in Windows -> Preferences -> Java -> Installed JREs) and execute this step only for that location

On the client machine, copy the pub.cer file to this location: JRE_HOME\lib\security (for example, if you are using a JDK to compile your program, on Windows it can be C:\Program Files\Java\jdk1.8.0_45\jre\lib\security or C:\Program Files\Java\jdk-11.0.1\lib\security\, while on Linux it can be /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security or /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security)

In the command line (it has to be launched as Administrator), go to the same location and run the command

sudo keytool -J-Duser.language=en -importcert -trustcacerts -file test.xyz.it.pem -alias [alias] -keystore cacerts

where you have to replace [alias] with the name of the rsa alias read in the admin console. In this example, the command is

sudo keytool -J-Duser.language=en -importcert -trustcacerts -file test.xyz.it.pem -alias test.xyz.it -keystore cacerts

The keystore password is changeit. When the prompt asks "Trust this certificate?", answer yes (in the language the command line prompt is written in).

If something doesn't work, you can try to add the certificate using the admin web interface of Tigase, in Management -> Other -> Add SSl certificate
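
The certificate-creation steps above as a non-interactive shell script, with a check that the resulting pem file carries the Tigase domain as Common Name and a private key that matches the certificate. This is an added example, not part of the original wiki page; the function names make_pem, check_pem and public_cert are hypothetical, and public_cert writes a certificate-only copy because the pem file also contains the private key, which a client truststore import does not need.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Usage: make_pem test.xyz.it ./certs && check_pem ./certs/test.xyz.it.pem test.xyz.it

# make_pem DOMAIN DIR: the page's commands without prompts; -subj sets the Common Name.
make_pem() {
    d=$1; out=$2
    openssl req -nodes -newkey rsa:2048 -subj "/CN=$d" \
        -keyout "$out/$d.key" -out "$out/$d.csr" 2>/dev/null || return 1
    openssl x509 -req -days 3650 -in "$out/$d.csr" -signkey "$out/$d.key" \
        -out "$out/$d.crt" 2>/dev/null || return 1
    # The bundle holds the private key: create it readable by the owner only.
    (umask 077; cat "$out/$d.crt" "$out/$d.key" > "$out/$d.pem")
}

# check_pem FILE DOMAIN: 0 = ok, 1 = wrong CN, 2 = key mismatch, 3 = expires soon.
check_pem() {
    pem=$1; want=$2
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$want" ] || { echo "CN is '$cn', expected '$want'" >&2; return 1; }
    # Compare the certificate's public key with the one derived from the private key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 2; }
    # 2592000 seconds = 30 days.
    openssl x509 -in "$pem" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days" >&2; return 3; }
}

# public_cert FILE OUT: certificate only, without the private key.
public_cert() {
    openssl x509 -in "$1" -out "$2"
}
```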