Using a GoDaddy SSL Certificate with Openfire on Debian

2009.12.07

1.  Copy your key and cert to the /etc/openfire/security directory on the server
certkey.com.key
certpub.com.crt

2.  cd /etc/openfire/security

3.  Convert your key and cert to DER format in the root directory:

openssl pkcs8 -topk8 -nocrypt -in certkey.com.key -inform PEM -out certkey.key.der -outform DER
openssl x509 -in certpub.com.crt -inform PEM -out certpub.com.crt.der -outform DER

4.  Get some java utilities and place in the /etc/openfire/security directory to create a java key store from AgentBob
http://www.agentbob.info/agentbob/79.html
ImportKey.java, ImportKey.class

5.  Stop Openfire
/etc/init.d/openfire stop

6.  Backup your existing keystore
mv keystore keystore.old

7.  Create a new keystore (in root directory keystore.ImportKey):
java ImportKey certkey.com.key.der certpub.com.crt.der

8.  Change the keytool passwords back to the defaults (from ‘importkey’ to ‘changeit’)
keytool -storepasswd -keystore /root/keystore.ImportKey
keytool -keypasswd -alias importkey -keystore /root/keystore.ImportKey

9.  Download the the GoDaddy Intermediate Certificate to the /etc/openfire/security directory
wget –no-check-certificate https://certificates.godaddy.com/repository/sf_issuing.crt into the
keytool -import -alias intermed -file sf_issuing.crt -keystore /root/keystore.ImportKey -storepass changeit -trustcacerts

10.  Move the keystore to /etc/openfire/security
mv /root/keystore.ImportKey /etc/openfire/security/keystore

11.  Start Openfire
/etc/init.d/openfire start

Special thanks to http://www.lovelysystems.com/importing-an-existing-ssl-certificate-to-openfire/