Private Certificate

Alex Kobzar
Added about 2 years ago

I couldn't understand how to use my own certificate with Tigase.

What I did:

Stop server

clean certs directory

put my file.pem

add the following lines to init.properties

--ssl-container-class=tigase.io.SSLContextContainer

basic-conf/virt-hosts-cert-*.domain.com=/etc/tigase/certs/file.pem

start server.

But after these actions Tigase generates its own cert as domain.com.pem and uses it.

What's my mistake?

tig v.7.1.0


Replies (5)

Added by Wojciech Kapcia TigaseTeam about 2 years ago

Alex Kobzar wrote:

> I couldn't understand how to use my own certificate with Tigase.
>
> What I did:
>
> Stop server
>
> clean certs directory
>
> put my file.pem

As a rule of thumb, you should place your certificate in a file whose name matches the vhost (for example, as seen below: domain.com.pem).

> add the following lines to init.properties
>
> --ssl-container-class=tigase.io.SSLContextContainer
>
> basic-conf/virt-hosts-cert-*.domain.com=/etc/tigase/certs/file.pem

Unless needed, you should not use manual configuration.

> start server.
>
> But after these actions Tigase generates its own cert as domain.com.pem and uses it.
>
> What's my mistake?
>
> tig v.7.1.0

Looking at the complete logs from startup (adding cert to the debugging configuration will help) will give you more information.

Please note that you need to provide your certificate, the full certification chain and your private key within the PEM file.

Added by Alex Kobzar about 2 years ago

Must the cert be only in PEM format?

Added by Wojciech Kapcia TigaseTeam about 2 years ago

Alex Kobzar wrote:

> Must the cert be only in PEM format?

Yes, Tigase supports certificates only in PEM format, but you can convert to it from (almost?) any format.

Added by Alex Kobzar about 2 years ago

So, that is my question.

I have a cert from Comodo in p7b format.

So I converted it to PEM:

openssl pkcs7 -in certificate_file.p7b -print_certs -out cert.pem

After this I put it into the certs dir and restarted Tigase, but got an error:

2017-02-15 07:02:08.851 [main]             SSLContextContainer.init()         WARNING:  Cannot load certficate from file: certs/cert.pem
java.lang.RuntimeException: Can't find root certificate in chain!
    at tigase.cert.CertificateUtil.sort(CertificateUtil.java:586)
    at tigase.cert.CertificateUtil.sort(CertificateUtil.java:572)
    at tigase.io.SSLContextContainer.addCertificateEntry(SSLContextContainer.java:167)
    at tigase.io.SSLContextContainer.init(SSLContextContainer.java:394)
    at tigase.io.TLSUtil.configureSSLContext(TLSUtil.java:86)
    at tigase.conf.ConfiguratorAbstract.setProperties(ConfiguratorAbstract.java:772)
    at tigase.conf.ConfiguratorAbstract.setup(ConfiguratorAbstract.java:519)
    at tigase.conf.ConfiguratorAbstract.componentAdded(ConfiguratorAbstract.java:152)
    at tigase.conf.Configurator.componentAdded(Configurator.java:50)
    at tigase.conf.Configurator.componentAdded(Configurator.java:33)
    at tigase.server.AbstractComponentRegistrator.addComponent(AbstractComponentRegistrator.java:116)
    at tigase.server.MessageRouter.addRegistrator(MessageRouter.java:138)
    at tigase.server.MessageRouter.setConfig(MessageRouter.java:644)
    at tigase.server.XMPPServer.start(XMPPServer.java:142)
    at tigase.server.XMPPServer.main(XMPPServer.java:112)

Added by Wojciech Kapcia TigaseTeam about 2 years ago

Alex Kobzar wrote:

> So, that is my question.
>
> I have a cert from Comodo in p7b format.
>
> So I converted it to PEM:
>
> openssl pkcs7 -in certificate_file.p7b -print_certs -out cert.pem
>
> After this I put it into the certs dir and restarted Tigase, but got an error:
>
> [...]

Make sure you have everything in the file: your certificate, private key (and, if needed, intermediate certificates). Check the Subject and Issued fields of the file (certificates) and verify that the JVM version used has the root CA in its trusted CA store.
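The check suggested in the last reply, as an added example that is not part of the thread and is not Tigase code: a shell script that reports whether a PEM file holds certificates and a private key, lists each certificate's subject and issuer, and compares the key with the first certificate. The function names and the constructed sample are assumptions; the `openssl` calls need OpenSSL installed.

```shell
#!/bin/sh
# Added example (not Tigase code): check a PEM bundle before putting it in certs/.

# Print "certs=N key=yes|no"; fail unless a certificate and a private key are present.
pem_inventory() {
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    key=no
    if grep -q -E -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then key=yes; fi
    echo "certs=$certs key=$key"
    [ "$certs" -ge 1 ] && [ "$key" = yes ]
}

# Print subject= and issuer= for every certificate, in file order (needs openssl).
pem_chain() {
    awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' "$1" |
        openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
        openssl pkcs7 -print_certs -noout
}

# Succeed if the private key belongs to the first certificate in the file
# (assumption: the server certificate is listed first; needs openssl).
pem_key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$1" -pubout)" ]
}

# Constructed sample with dummy bodies: the shape of `openssl pkcs7 -print_certs`
# output, which holds certificates only and no private key.
sample_certs_only() {
    printf '%s\n' 'subject=/CN=domain.com' 'issuer=/CN=Constructed Intermediate' \
        '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
        'subject=/CN=Constructed Intermediate' 'issuer=/CN=Constructed Root' \
        '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----'
}

if [ "$#" -ge 1 ]; then
    # Real file: sh check_pem.sh /etc/tigase/certs/domain.com.pem
    pem_inventory "$1" && pem_chain "$1" && pem_key_matches "$1" && echo "key matches"
else
    tmp=$(mktemp) && sample_certs_only > "$tmp"
    pem_inventory "$tmp" || echo "incomplete: append the private key (and chain)"
    rm -f "$tmp"
fi
```

Run without arguments it reports `certs=2 key=no` for the constructed sample; a file produced only by the `openssl pkcs7 -print_certs` conversion has that same shape until the private key is appended.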
