On each renewal of our SSL cert I always forget how I manage to get Openfire to read a new certificate. Finally found some notes which seem to just work – credit to The_Spider on the igniterealtime.org forum for providing clear instructions.
Stop Openfire, then merge your root CA with your certificate:
cat example.com.cert startssl.class2.ca > example.com.TempCert
Convert your existing private key and new merged certificate to the PKCS12 format. (This step requires you to create a password; I am going to use the default password, “changeit”, for simplicity.)
openssl pkcs12 -export -in example.com.TempCert -inkey example.com.private -out example.com.pkcs12 -name example.com
Merge your private key and cert into Openfire’s private keystore.
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore /opt/openfire/resources/security/keystore -srckeystore example.com.pkcs12 -srcstoretype PKCS12 -srcstorepass changeit -alias example.com
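As an added example (not part of the original notes or the forum post): a shell pre-flight check to run after the cat step and before the openssl pkcs12 step. It confirms that the first certificate in the merged file belongs to the private key, which also catches the two files being concatenated in the wrong order, and that the certificate is not about to expire. The function names are made up for this example, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: pre-flight checks for the merged certificate file.
# All function names here are hypothetical, chosen for this example.

# Print the public key (PEM) of the FIRST certificate in a PEM file.
first_cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public key (PEM) derived from an unencrypted private key file.
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Return 0 when the first certificate in the merged file belongs to the key,
# i.e. the server certificate was listed before the CA certificate in `cat`.
bundle_matches_key() {
    cert_pub=$(first_cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 when the first certificate is still valid $2 seconds from now.
bundle_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Run both checks and report the result.
preflight() {
    bundle=$1; key=$2
    if ! bundle_matches_key "$bundle" "$key"; then
        echo "FAIL: first certificate in $bundle does not match $key" >&2
        return 1
    fi
    if ! bundle_valid_for "$bundle" 86400; then
        echo "FAIL: certificate in $bundle expires within 24 hours" >&2
        return 1
    fi
    echo "OK: $bundle matches $key and is not about to expire"
}

# When called with two arguments, check them: <merged cert file> <private key>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

With the file names used above, the call is: sh preflight.sh example.com.TempCert example.com.private (the script name preflight.sh is an assumption).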