Uploaded image for project: 'Openfire (ARCHIVED)'
  1. Openfire (ARCHIVED)
  2. JM-1204

Certificate Signing Requests are not generated when issuer name matches xmpp domain

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.2
    • Fix Version/s: 3.4.3
    • Component/s: Admin Console
    • Labels:
      None

      Description

      Certificate Signing Requests are not generated when issuer name matches xmpp domain. To reproduce this problem create new certificates and then complete the issuer information from the admin console. When entering the Name of the issuer use the XMPP domain of the server. Once saved you will go back to the certificates page but you won't be able to get the CSR information.

      Both ssl-signing-request.jsp and ssl-certificates.jsp have a line like this:

      // Self-signed certs are certs generated by Openfire whose IssueDN equals SubjectDN
      boolean isSelfSigned = c.getSubjectDN().equals(c.getIssuerDN());

      The problem is subjectDN was modified for 3.4.2 to be like issuerDN to be accepted by some CAs. We now need to use another logic to find out whether a certificate is self-signed or not. Certificates created by Openfire will use CN=[domain] as the subjectDN and issuerDN. When a CSR is created both fields (subjectDN and issuerDN) are updated to include the meta data (O=,ST=, OU=,etc.).

        Attachments

          Activity

            People

            • Assignee:
              gaston Gaston Dombiak
              Reporter:
              gaston Gaston Dombiak
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: