Commit 247e2a03 authored by Gaston Dombiak, committed by gaston

Updated. JM-59


git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@537 b35dd754-fafc-0310-a699-88a17e54d16e
parent 5d9825fc
...@@ -21,7 +21,7 @@ all JVMs. You must consult the documentation for your JVM in creating a ...@@ -21,7 +21,7 @@ all JVMs. You must consult the documentation for your JVM in creating a
valid keystore and truststore valid keystore and truststore
and populating those with the SSL certificates needed for your and populating those with the SSL certificates needed for your
deployment. In this document, we will describe how use the standard JDK deployment. In this document, we will describe how use the standard JDK
1.4 tools to accomplish these tasks. 1.5 tools to accomplish these tasks.
</p> </p>
<h2>Background</h2> <h2>Background</h2>
<p> <p>
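Review bot: the context line just above the changed one still reads "we will describe how use the standard JDK", which is missing "to". Since this change edits the next line of the same sentence, correct it to "describe how to use" in the same commit.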
...@@ -50,7 +50,7 @@ relatively small. ...@@ -50,7 +50,7 @@ relatively small.
<p> <p>
Certificates attempt to guarantee that a particular party is who they Certificates attempt to guarantee that a particular party is who they
claim to be. claim to be.
Certificates are trusted based on who signed the certifcate. If you Certificates are trusted based on who signed the certificate. If you
only require light security, only require light security,
are deploying for internal use on trusted networks, etc. you can use are deploying for internal use on trusted networks, etc. you can use
"self-signed" certificates. "self-signed" certificates.
...@@ -88,9 +88,9 @@ interacted with before. Certificate signing is similar to a public ...@@ -88,9 +88,9 @@ interacted with before. Certificate signing is similar to a public
notary (with equivalent amounts of notary (with equivalent amounts of
verification of identity, record keeping, and costs). verification of identity, record keeping, and costs).
</p> </p>
<h2>Sun JDK 1.4 security tools</h2> <h2>Sun JDK 1.5 security tools</h2>
<p> <p>
The Sun JDK (version 1.4.x) ships with all the security tools you need The Sun JDK (version 1.5.x) ships with all the security tools you need
to configure SSL with Jive to configure SSL with Jive
Messenger. The most important is the <tt>keytool</tt> located in the <tt>JAVA_HOME/bin Messenger. The most important is the <tt>keytool</tt> located in the <tt>JAVA_HOME/bin
directory</tt> of the JDK. directory</tt> of the JDK.
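Review bot: in the context lines after the version change, the closing tag comes after the word "directory" (&lt;tt&gt;JAVA_HOME/bin directory&lt;/tt&gt;), so "directory" is rendered as part of the path. Move &lt;/tt&gt; to directly after JAVA_HOME/bin while this paragraph is being edited.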
...@@ -160,7 +160,10 @@ information and set ...@@ -160,7 +160,10 @@ information and set
a key password. <b>You must use the same key password as the store a key password. <b>You must use the same key password as the store
password.</b> By default password.</b> By default
you get this by simply hitting 'enter' when prompted for a key you get this by simply hitting 'enter' when prompted for a key
password. password.</p>
<p>If you later change the keystore password remember to
change the entries' password as well using the keytool:</p>
<p><tt>keytool -keypasswd -alias server.com -keystore keystore</tt>
</p> </p>
<h3>3 Obtain a CA signed certificate</h3> <h3>3 Obtain a CA signed certificate</h3>
<p> <p>
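Review bot: the added paragraph shows only the -keypasswd command and does not repeat that the new entry password must equal the new store password, which is the bold rule stated just above it. Suggest showing the store password change next to it (keytool -storepasswd -keystore keystore) and saying explicitly that both must end up with the same value, since step 6 configures a single xmpp.socket.ssl.keypass for the keystore and key. The alias server.com is a literal in the command; say that it stands for the alias chosen when the key was generated.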
...@@ -206,44 +209,24 @@ Now import each certificate using the keytool: ...@@ -206,44 +209,24 @@ Now import each certificate using the keytool:
certificate_file</tt></p> certificate_file</tt></p>
<h3>6 Configure Messenger</h3> <h3>6 Configure Messenger</h3>
<p> <p>
Open the Messenger configuration file <tt>MESSENGER_HOME/config/jive-messenger.xml</tt> Open the Jive Messenger Admin Console in your favorite
in your favorite browser and add or change the following system properties:
editor and change the following settings:
</p> </p>
<ul> <ul>
<li>jive.xmpp.socket.ssl.active - set to 'true' to active SSL</li> <li>xmpp.socket.ssl.active - set to 'true' to active SSL</li>
<li>jive.xmpp.socket.ssl.port - the port to use for SSL (default is <li>xmpp.socket.ssl.port - the port to use for SSL (default is
5223 for XMPP)</li> 5223 for XMPP)</li>
<li>jive.xmpp.socket.ssl.storeType - the store type used ("JKS" is <li>xmpp.socket.ssl.storeType - the store type used ("JKS" is
the Sun Java Keystore format used by the JDK keytool).</li> the Sun Java Keystore format used by the JDK keytool).</li>
<li>jive.xmpp.socket.ssl.keystore - The location of the keystore file <li>xmpp.socket.ssl.keystore - The location of the keystore file
relative to the <tt>MESSENGER_HOME</tt> root directory.</li> relative to the <tt>MESSENGER_HOME</tt> root directory.</li>
<li>jive.xmpp.socket.ssl.keypass - The keystore/key password you <li>xmpp.socket.ssl.keypass - The keystore/key password you
changed in step 2.</li> changed in step 2.</li>
<li>jive.xmpp.socket.ssl.truststore - Leave blank to not use a <li>xmpp.socket.ssl.truststore - Leave blank to not use a
truststore, otherwise the location of the truststore file relative to truststore, otherwise the location of the truststore file relative to
the <tt>MESSENGER_HOME</tt> root directory.</li> the <tt>MESSENGER_HOME</tt> root directory.</li>
<li>jive.xmpp.socket.ssl.trustpass - The truststore/key password you <li>xmpp.socket.ssl.trustpass - The truststore/key password you
changed in step 5.</li> changed in step 5.</li>
</ul> </ul>
<p> </body>
Below is a sample set up with no truststore.
</p>
<pre><code>
&lt;jive&gt;
&lt;xmpp&gt;
&lt;socket&gt;
&lt;ssl&gt;
&lt;active&gt;true&lt;/active&gt;
&lt;port&gt;5223&lt;/port&gt;
&lt;storeType&gt;JKS&lt;/storeType&gt;
&lt;keystore&gt;security/keystore&lt;/keystore&gt;
&lt;keypass&gt;changeit&lt;/keypass&gt;
&lt;truststore/&gt;
&lt;trustpass/&gt;
&lt;/ssl&gt;
&lt;/socket&gt;
&lt;/xmpp&gt;
&lt;/jive&gt;
</code></pre></body>
</html> </html>
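Review bot: removing the "sample set up with no truststore" block leaves the new Admin Console instructions with no example values, so the reader no longer sees what a relative keystore path looks like (security/keystore) or how an unused truststore is left empty. Suggest replacing the removed XML with a short table of the xmpp.socket.ssl.* property names and example values, without carrying over the "changeit" password from the old sample. In the first list item "set to 'true' to active SSL" should read "activate". Because xmpp.socket.ssl.keypass and xmpp.socket.ssl.trustpass are now entered as system properties, state whether they are displayed in clear to anyone with console access, and say whether the old jive.xmpp.socket.ssl.* entries in jive-messenger.xml are still read.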