Import a new SSL certificate into Openfire using keytool

On each renewal of our SSL cert I always forget how I managed to get Openfire to read a new certificate. I finally found some notes which seem to just work. Credit to The_Spider on the forum for providing clear instructions.

Stop Openfire then merge your root CA with your certificate:

cat <your_certificate.crt> <root_ca.crt> > <merged_certificate.crt>

Convert your existing private key and the new merged certificate to the PKCS12 format. (This step requires you to create a password; I am going to use the default password, “changeit”, for simplicity.)

openssl pkcs12 -export -in <merged_certificate.crt> -inkey <private.key> -out <certificate.p12> -name <alias>

Merge your private key and cert into Openfire’s private keystore.

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /opt/openfire/resources/security/keystore -srckeystore <certificate.p12> -srcstoretype PKCS12 -srcstorepass changeit -alias <alias>

Start Openfire.
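
The steps above as one script, with a chain check, a key/certificate match check and a keystore backup added before anything is imported. This is an added example, not part of the original notes or The_Spider's instructions; the four arguments and the STOREPASS environment variable are assumptions, and the keystore path is the one used in the post.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes. File arguments, the alias and
# the STOREPASS environment variable are assumptions.
set -eu
KEYSTORE=/opt/openfire/resources/security/keystore   # path used in the post

# Merge server cert + CA into one PEM file. Plain `cat` glues the END line of
# the first file to the BEGIN line of the second when the first file has no
# trailing newline; copying line by line always terminates each line.
merge_chain() {  # merge_chain <cert.pem> <ca.pem> <out.pem>
    for f in "$1" "$2"; do
        while IFS= read -r line || [ -n "$line" ]; do
            printf '%s\n' "$line"
        done < "$f"
    done > "$3"
}

count_certs() {  # certificates that start on their own line
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# True when the private key belongs to the certificate.
key_matches_cert() {  # key_matches_cert <cert.pem> <key.pem>
    [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

import_to_openfire() {  # import_to_openfire <cert.pem> <ca.pem> <key.pem> <alias>
    : "${STOREPASS:?set STOREPASS first}"; export STOREPASS
    work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
    merge_chain "$1" "$2" "$work/chain.pem"
    [ "$(count_certs "$work/chain.pem")" -ge 2 ] || { echo "chain incomplete" >&2; return 1; }
    key_matches_cert "$1" "$3" || { echo "key does not match cert" >&2; return 1; }
    cp -p "$KEYSTORE" "$KEYSTORE.bak.$(date +%Y%m%d%H%M%S)"   # rollback copy
    # Passwords come from the environment, not argv (visible in `ps`).
    openssl pkcs12 -export -in "$work/chain.pem" -inkey "$3" \
        -out "$work/bundle.p12" -name "$4" -passout env:STOREPASS
    # -noprompt overwrites an existing entry with the same alias on renewal.
    keytool -importkeystore -noprompt -alias "$4" \
        -srckeystore "$work/bundle.p12" -srcstoretype PKCS12 -srcstorepass:env STOREPASS \
        -destkeystore "$KEYSTORE" -deststorepass:env STOREPASS -destkeypass:env STOREPASS
    # Show subject and validity dates of what Openfire will now serve.
    keytool -list -v -keystore "$KEYSTORE" -storepass:env STOREPASS -alias "$4" |
        grep -E 'Owner:|Valid from:'
}

if [ "$#" -eq 4 ]; then import_to_openfire "$@"; fi
```

Run it with Openfire stopped, passing the certificate, root CA, private key and alias in that order. STOREPASS must hold the keystore password, which also becomes the password of the temporary PKCS12 bundle.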