Commit 82ce558f authored by Matt Tucker, committed by matt

Initial check-in.


git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@148 b35dd754-fafc-0310-a699-88a17e54d16e
parent b0facf44
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Messenger: Overview - Jive Software</title>
<link type="text/css" rel="stylesheet" href="style.css">
</head>
<body>
<h1>Jive Messenger</h1>
<p> Jive Messenger provides comprehensive group chat and instant
messaging (IM) services to online and intranet user communities using
the XMPP protocol.</p>
<p>As a pure Java application, the server is designed for
extensible and flexible deployment into new or existing infrastructure.
The server contains a pluggable backend data storage and security system and
interfaces for customizing and extending the server.</p>
<p>Jive Software also offers a high-quality Open-Source Java client library
called <a href="http://www.jivesoftware.org/smack"> Smack </a> . The Smack
library makes it easy to write custom clients in Java for communicating
over IM or chat with XMPP servers. In addition, Jive Messenger will
work with any standards compliant XMPP client.</p>
<ul>
<li> <a href="install-guide.html">Installation Guide</a> -
How to manually install the server as standalone application.</li>
<li> <a href="database.html">Database Installation Guide</a> - How
to setup your database for use with Jive Messenger.</li>
<li> <a href="database-guide.html">Database Schema Guide</a> - A
tour of the Jive Messenger database schema for developers and database
administrators.</li>
<li> <a href="ssl-guide.html">SSL Guide</a> - A guide to setting up
Messenger's SSL secure socket support.</li>
<li> <a href="ldap-guide.html">LDAP Guide</a> - A guide to setting
up Jive Messenger to work with LDAP user stores.</li>
</ul>
<p>An active support community for Jive Messenger is available at <a
href="http://www.jivesoftware.org/forums">http://www.jivesoftware.org/forums</a>.</p></body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Jive Software Messenger Readme</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<h1>Jive Messenger Installation Guide</h1>
<p>Jive Messenger is a powerful instant messaging (IM) and chat
server that implements the XMPP protocol. This document will guide
you through installing Jive Messenger as a standalone
application. For a full list of features and more information, please
visit the Jive Messenger website: <a href="http://www.jivesoftware.org/messenger"
target="_top">http://www.jivesoftware.org/messenger</a></p>
<p>In order to install Jive Messenger, you'll need a server environment
that meets the following requirements: </p>
<ul>
<li>JDK 1.5 or later. You can check your java version by typing "java
-version" at the command line. See <a href="http://java.sun.com">http://java.sun.com</a>
for Java on your platform or download a Jive Messenger installer with
bundled JVM for your operating system.</li>
<li>A supported database with a robust JDBC 2.0 compliant driver.
Supported databases and recommended JDBC drivers are detailed in the
database documentation below. Alternatively, you can use the embedded database.</li>
</ul>
<h2>Installation Overview</h2>
<p>To complete the installation of Jive Messenger, you'll need to
perform each of the following steps: </p>
<ol>
<li><a href="#database">Database</a> - prepare your database for Jive
Messenger. </li>
<li><a href="#config">Setup</a> - Use the built in web based setup
tool to setup and verify the server configuration.</li>
<li><a href="#tools">Admin Tool</a> - use the web-based admin tool to
manage the server.</li>
</ol>
<h2><a name="distribution">Files in the Distribution</a></h2>
<p> The files in your distribution should be as follows (some
sub-directories omitted for brevity): </p>
<pre>jive_messenger/
|- readme.html
|- license.html
|- conf/
|- bin/
|- lib/
|- plugins/
|- admin/
|- resources/
|-database/
|-security/
|- documentation/</pre>
<ul>
<li>The <tt>conf</tt> directory is where Jive Messenger stores
configuration files.</li>
<li>The <tt>bin</tt> directory contains the server executable scripts.
Run startup.bat or startup.ssh. If you used the Jive Messenger installer,
native executables are also provided for your convenience. Below the base
directory are platform specific deployment tools for running Messenger as service, etc.</li>
<li>The <tt>lib</tt> directory contains libraries necessary for
running Jive Messenger.</li>
<li>The <tt>plugins</tt> directory contains server plugins. By
default, Jive Messenger ships with a web-based admin console plugin.</li>
<li>The <tt>resources/database</tt> directory contains SQL schema files to
create new Jive Messenger databases, as well as upgrade scripts for
existing installations. </li>
<li>The <tt>resources/security</tt> directory is where Jive Messenger
maintains keystores to support SSL connection security.</li>
<li>The <tt>documentation</tt> directory contains server
documentation.</li>
</ul><p>
<h2><a name="database">Setting Up the Database</a></h2>
<p> <a>Jive Messenger uses a database to store it's data. To setup
your
database you must load the appropriate database schema. You can find
schemas in the <tt>resources/database</tt> directory of this distribution. View
the </a><a href="database.html">database
setup</a> documentation to learn how to install the schemas and JDBC
drivers.</p>
<p> Complete the database steps outlined in the database setup
documentation before proceeding further.<br>
</p>
<h2><a name="config"></a>Setup the Server</h2>
<p>A web based, "wizard" driven setup and configuration tool is built
into
Jive Messenger. Simply launch Jive Messenger and use a web browser to
connect to the admin console. The default port for the
web-based admin console is 9090. If you are on the same machine as Messenger the
following URL will
usually work: <a href="http://127.0.0.1:9090">http://127.0.0.1:9090</a>.</p>
<p>If you used the Jive Messenger installer, a shortcut for starting the
application is provided. Starting the server using this icon starts a
graphical launcher application. A button
on the launcher allows you to automatically open your web browser to
the correct URL
to finish setting up the server. Large deployments should use the
command line or Windows Service or *nix deployment options described
below to properly configure JVM settings before using. If you didn't
use the installer, you can start Jive Messenger using the startup script
in the <tt>bin</tt> directory.
<p>If you want to manually set up the server, edit the <tt>conf/jive-messenger.xml</tt>
file. To bypass the server's normal setup mode after manually
configuring the server, add
a &lt;setup&gt;true&lt;/setup&gt; element to the XML file to indicate
that the server
has been setup.</p>
<p>
If you wish to use SSL, run the keytool application that ships with the
Sun JDK to add the appropriate server certificates to the keystore
located in the <tt>security</tt> directory. Self-signed certificates
will work fine for testing. We've provided a dummy self-signed
certificate for your server if it is 127.0.0.1 (the localhost).</p>
<!--
<h3>Windows Service</h3>
<p>If you're running Messenger on Windows, you will eventually want to
run Messenger as a standard Windows service.
In order to do this, make sure the <tt>JAVA_HOME</tt> environmental
variable is set to the base directory of your JRE/JDK directory or the <tt>jre</tt>
sub directory of your installation if you
installed a built-in JRE (Control Panel, System, Advanced, click on the
"Enviromental Variables" button). Next, copy all the files
from the <tt>bin/windows</tt> to the <tt>bin</tt> directory. Edit the
<tt>config/wrapper.conf</tt> file to allocate the proper amount of heap
memory
for your deployment. On most systems, Messenger will need about 256MB
of heap memory for each 1000 simultaneous connections (<a href="note1">1</a>).<br>
</p>
<p>Run <tt>install-messengerd.bat</tt> to install Messenger as a
windows service.
Now you can use the Control Panel, Administration Tools, Services
applet to start, stop, and restart Messenger as well as determine if it
starts with the server, what happens on failures, etc. Uninstall the
Messenger windows service by running
<tt>uninstall-messenger.bat</tt>.</p>
<p>You can also run Messenger directly using the included <tt>messengerd.bat</tt>
script using the same
service wrapper code that the Windows service uses. The service wrapper
provides quality of service tools that
ensure high reliability operation of Messenger including detecting hung
or failed processes and automatically
restarting Messenger.</p>
<h3>Solaris/Linux/MacOS X Deployment</h3>
<p>If you are deploying Messenger on these three supported Unix
systems, platform specific startup scripts and helper
applications are provided in the <tt>bin</tt> directory. Copy the
files from the appropriate directory into the <tt>bin</tt>
directory and set the <tt>JIVE_HOME</tt> environmental variable.&nbsp;
Edit the
<tt>config/wrapper.conf</tt> file to allocate the proper amount of heap
memory
for your deployment. On most systems, Messenger will need about 256MB
of heap memory for each 1000 simultaneous connections (<a href="#note1">1</a>).
<br>
</p>
<p>Run
the messengerd.sh shell script to start Messenger (you
may have to set it's executable permission using chmod). The wrapper
scripts and helper applications are fairly standard
daemon scripts supporting the following commands:</p>
<ul>
<li><tt>start</tt> - starts the Messenger daemon process. </li>
<li><tt>stop</tt> - stops the Messenger daemon process. </li>
<li><tt>restart</tt> - restarsts the Messenger daemon process. </li>
<li><tt>console</tt> - starts Messenger in the current shell allowing
the user to watch the Wrapper and Messenger's action on the terminal
and kill the application with CTRL-C. </li>
<li><tt>dump</tt> - sends a <tt>kill -3</tt> signal to the daemon
process causing the JVM to do a full thread dump. </li>
</ul>
<p>The deployment service wrapper increases Messenger's reliability by
running a monitor in a separate process that watches the Messenger JVM.
If the Messenger JVM runs into trouble, the wrapper will detect and
restart Messenger automatically
ensuring that Messenger continues to be available to users.</p>
-->
<h2><a name="tools">Admin Console</a></h2>
<p>After completing the above steps, Messenger will be configured
and you can use the web-based admin console to administer
the server. The URL should be the same as you used to setup the server
unless you changed the port during the setup.<br>
</p>
</body>
</html>
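Review bot: The paths in this guide do not agree with each other or with the other guides in this commit. The distribution tree lists conf/ and resources/security and the manual-setup paragraph edits conf/jive-messenger.xml, but the SSL paragraph puts the keystore "in the security directory", and the LDAP and SSL guides use MESSENGER_HOME/config/jive-messenger.xml and MESSENGER_HOME/security. Pick one layout and use it throughout, so an administrator does not edit a file or keystore the server never reads. Also check "startup.ssh" in the bin description (presumably startup.sh is meant), correct "it's data" to "its data", close the paragraph opened at "If you used the Jive Messenger installer", and drop the stray p tag after the directory list and the href-less anchor wrapped around the database paragraph.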
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Jive Messenger LDAP Guide</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<a name="top"></a>
<h1>Jive Messenger LDAP Guide</h1>
<h2>Introduction</h2>
<p>
This document details how to configure your Jive Messenger installation to use an external LDAP store when
authenticating users.
</p>
<h2>Background</h2>
<p>
LDAP (Lightweight Directory Access Protocol) has emerged as a dominant standard
for user authentication and for storage of user profile data. It serves as a
powerful tool for large organizations (or those organizations integrating many
applications) to simplify user management issues.
</p>
<p>
By default, Jive Messenger stores all user data in a database and performs
authentication using database lookups. The LDAP module replaces that
functionality and allows Jive Messenger to:
<ul>
<li>
Use a LDAP server to authenticate a user's identity.
</li>
<li>
Load and store user profile information in a LDAP directory.
</li>
</ul>
</p>
<p>
This document will guide you through preparing your LDAP server and provide
details about how to install the LDAP module on Jive Messenger. These
instructions assume that you're a competent LDAP user, and that you're familiar
with Jive Messenger setup issues. The iPlanet Directory Server 5.0 LDAP server
was used for development and testing, but any LDAP compliant server should also
work.
</p>
<h2>Choosing an LDAP storage mode</h2>
<p>Two modes for storing user data in an LDAP directory are supported:
<ol>
<li>
Mixed Mode (LDAP and User Database) -- Username, name and email are stored in
LDAP. All Jive-specific data is stored in the Jive Messenger user database.
This mode requires no changes to your LDAP directory.
</li>
<li>
Pure LDAP Mode -- All user data is stored in LDAP, including Messenger-specific
data. This mode requires you to make changes to your LDAP schema.
</li>
</ol>
The first option is easier to setup and is generally the better solution.
However, the second option is also appropriate in some cases.
</p>
<h2>Configuration</h2>
<p>
In order to configure your server to use LDAP you need complete the following
tasks:
<ol>
<li>
Stop Messenger.
</li>
<li>Edit <tt>MESSENGER_HOME/config/jive-messenger.xml</tt> as described below.
</li>
<li>
Restart Messenger.
</li>
</ol>
</p>
<h3>Configure Messenger</h3>
<p>
Open the Messenger configuration file <tt>MESSENGER_HOME/config/jive-messenger.xml</tt> in your favorite
editor and add or change the following settings:
</p>
<ul>
<li>UserProvider.id.className - com.jivesoftware.xmpp.ldap.LdapUserIDProvider</li>
<li>UserProvider.properties.className</li>
<li>UserProvider.info.className</li>
<li>UserProvider.account.className</li>
<li>UserProvider.roster.className</li>
<li>ldap.host - LDAP server host; e.g. localhost or machine.example.com, etc.</li>
<li>ldap.port - LDAP server port number</li>
<li>ldap.usernameField - The field name that the username lookups will be performed on.</li>
<li>ldap.baseDN - The starting DN that searches for users will performed with. The entire subtree under the base
DN will be searched for user accounts.
</li>
<li>ldap.nameField - The field name that holds the user's name.</li>
<li>ldap.emailField - The field name that holds the user's email address.</li>
<li>ldap.adminDN - A directory administrator's DN. All directory operations will be performed with this account.
For normal usage of the module, the admin should have full administrative controls over the directory.
</li>
<li>ldap.adminPassword - The password for the directory administrator.</li>
<li>ldap.debugEnabled - A value of "true" if debugging should be turned on. When on, trace information about
buffers sent and received by the LDAP provider is written to System.out</li>
<li>ldap.sslEnabled - Enable SSL connections to your LDAP server. If you enable SSL connections, the LDAP server port
number most likely should be changed to 636.
</li>
<li>ldap.mode - "0" for all LDAP mode, "1" for mixed LDAP/Jive DB mode</li>
</ul>
<p>
Below is a sample set up.
</p>
<pre><code>
&lt;jive&gt;
...
&lt;UserProvider&gt;
&lt;id&gt;
&lt;className&gt;org.jivesoftware.messenger.ldap.LdapUserIDProvider&lt;/className&gt;
&lt;/id&gt;
&lt;properties&gt;
&lt;className&gt;org.jivesoftware.messenger.ldap.LdapUserPropertiesProvider&lt;/className&gt;
&lt;/properties&gt;
&lt;info&gt;
&lt;className&gt;org.jivesoftware.messenger.ldap.LdapUserInfoProvider&lt;/className&gt;
&lt;/info&gt;
&lt;account&gt;
&lt;className&gt;org.jivesoftware.messenger.ldap.LdapUserAccountProvider&lt;/className&gt;
&lt;/account&gt;
&lt;UserProvider&gt;
&lt;ldap&gt;
&lt;host&gt;myhost.com&lt;/host&gt;
&lt;port&gt;389&lt;/port&gt;
&lt;usernameField&gt;uid&lt;/usernameField&gt;
&lt;emailField&gt;mail&lt;/emailField&gt;
&lt;baseDN&gt;o=mycompany, c=mycountry&lt;/baseDN&gt;
&lt;nameField&gt;cn&lt;/nameField&gt;
&lt;adminDN&gt;cn=ldap-administrator&lt;/adminDN&gt;
&lt;adminPassword&gt;adm1npwd&lt;/adminPassword&gt;
&lt;debugEnabled&gt;false&lt;/debugEnabled&gt;
&lt;sslEnabled&gt;false&lt;/sslEnabled&gt;
&lt;mode&gt;1&lt;/mode&gt;
&lt;/ldap&gt;
...
&lt;/jive&gt;
</code></pre>
<h2>Configure the LDAP Server (optional)</h2>
<p>
<b>Note:</b> If you use the "mixed mode" of the Jive Messenger LDAP module, no changes to your LDAP directory are
necessary. However, if you use the "pure mode", you'll need to make changes to your directory as detailed below.
Several custom LDAP attributes are used to store things such as the numeric Jive Messenger user ID,
the date the account was created, privacy flags, etc. The first step is to define these attributes in your LDAP
directory.
</p>
<table>
<tr>
<th>Name</th>
<th>Type</th>
<th>OID</th>
<th>Multi-valued</th>
<th>Description</th>
</tr>
<tr>
<td>jiveUserID</td>
<td>Integer </td>
<td>1.3.6.1.4.1.10985.389.2 </td>
<td>No </td>
<td>A numeric ID that Jive Messenger uses to identify a user.</td>
</tr>
<tr>
<td>jiveNameVisible </td>
<td>String </td>
<td>1.3.6.1.4.1.10985.389.3 </td>
<td>No </td>
<td>The value is "true" if a user wishes to show their name publicly; "false" otherwise.</td>
</tr>
<tr>
<td>jiveEmailVisible </td>
<td>String </td>
<td>1.3.6.1.4.1.2.10985.389.4 </td>
<td>No </td>
<td>The value is "true" if a user wishes to show their email address publicly; "false" otherwise.</td>
</tr>
<tr>
<td>jiveCDate </td>
<td>String </td>
<td>1.3.6.1.4.1.10985.389.6 </td>
<td>No </td>
<td>The date the user became a Jive Messenger user.</td>
</tr>
<tr>
<td>jiveMDate </td>
<td>String </td>
<td>1.3.6.1.4.1.10985.389.7 </td>
<td>No </td>
<td>The date the user information was last updated.</td>
</tr>
<tr>
<td>jiveProps </td>
<td>String </td>
<td>1.3.6.1.4.1.10985.389.8 </td>
<td>Yes </td>
<td>A collection of extended properties for the user.</td>
</tr>
</table>
<p>Next, you can optionally create a new object class that uses the specified attributes
(or modify an existing object to add the attributes). The Jive Messenger LDAP module does not actually pay attention to
object types, but only looks for the correct attributes. If you do create a new object, the object name should be
"jivePerson" with an OID of 1.3.6.1.4.1.2.10985.389.1.
</p>
<p>
Each of the attributes listed above must be added as an optional attribute since the attributes will not be
created until the user logs into Jive Messenger for the first time.
</p>
<p>
Also, you may wish to create an index on the "jiveUserID" attribute so that lookups on that field are fast.
</p>
</body>
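Review bot: The sample configuration binds as cn=ldap-administrator with the adminPassword in clear text in jive-messenger.xml, over port 389 with sslEnabled set to false, while the ldap.adminDN description asks for an account with "full administrative controls over the directory". The guide should state which directory rights the module needs in each mode (does mixed mode, which "requires no changes to your LDAP directory", need more than read access?), show the sample with sslEnabled true and port 636, and tell administrators to restrict read access to the configuration file. Separately, the sample is not well-formed: the UserProvider block is ended with an opening UserProvider tag instead of a closing one. The settings list names com.jivesoftware.xmpp.ldap.LdapUserIDProvider while the sample uses org.jivesoftware.messenger.ldap.LdapUserIDProvider, the listed UserProvider.roster.className has no entry in the sample, the OIDs for jiveEmailVisible and jivePerson carry an extra ".2" arc (1.3.6.1.4.1.2.10985...) compared with the other attributes, and the file ends at the closing body tag without a closing html tag.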
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Jive Messenger SSL Guide</title>
<link type="text/css" rel="stylesheet" href="style.css">
</head>
<body>
<a name="top"></a>
<h1>Jive Messenger SSL Guide</h1>
<h2>Introduction</h2>
<p>
This document outlines how to configure your SSL setup. Jive
Messenger's SSL support
is built using the standard Java security SSL implementation
(javax.net.ssl.SSLServerSocket).
Java security allows implementations of the JVM flexibility in how
security is implemented.
Unfortunately, the flexibility means there is no definitive mechanism
for configuring SSL security on
all JVMs. You must consult the documentation for your JVM in creating a
valid keystore and truststore
and populating those with the SSL certificates needed for your
deployment. In this document, we will describe how use the standard JDK
1.4 tools to accomplish these tasks.
</p>
<h2>Background</h2>
<p>
A server SSL connection uses two sets of certificates to secure the
connection. The first set is called a "keystore". The keystore contains
the keys and certificates for the server. These security credentials
are used to prove to clients that the server is legitimately operating
on behalf of a particular domain.
If your server will only need to act as one domain, you only need one
key entry and certificate in the keystore.
Keys are stored in the keystore under aliases. Each alias corresponds
to a domain name (e.g. "server.com").
</p>
<p>
The second set of certificates is called the "truststore" and is used
to verify that a client is legitimately
operating on behalf of a particular user. In the vast majority of
cases, the truststore is empty and the server
will not attempt to validate client connections using SSL. Instead, the
XMPP authentication process verifies users
in-band. However, you may wish to require SSL authentication for
certain clients when security is especially
important and the number of clients connection to the server is
relatively small.
</p>
<p>
Certificates attempt to guarantee that a particular party is who they
claim to be.
Certificates are trusted based on who signed the certifcate. If you
only require light security,
are deploying for internal use on trusted networks, etc. you can use
"self-signed" certificates.
Self-signed certificates encrypts the communication channel between
client and server. However
the client must verify the legitimacy of the self-signed certificate
through some other
channel. The most common client reaction to a self-signed certificate
is to ask the user whether
to trust the certificate, or to silently trust the certificate is
legitimate. Unfortunately, blindly accepting self-signed certificates
opens up the system to 'man-in-the-middle' attacks.
</p>
<p>
The advantage of a self-signed certificate is you can create them for
free which is great
when cost is a major concern, or for testing and evaluation. In
addition, you can safely
use a self-signed certificate if you can verify that the certificate
you're using is legitimate. So if
a system administrator creates a self-signed certificate, then
personally installs it on a client's
truststore (so that the certificate is trusted) you can be assured that
the SSL connection will only
work between the client and the correct server.
</p>
<p>
For higher security deployments, you should get your certificate signed
by a certificate authority (CA).
Clients truststores will usually contain the certificates of the major
CA's and can verify that a CA has
signed a certificate. This chain of trust allows clients to trust
certificate from servers they've never
interacted with before. Certificate signing is similar to a public
notary (with equivalent amounts of
verification of identity, record keeping, and costs).
</p>
<h2>Sun JDK 1.4 security tools</h2>
<p>
The Sun JDK (version 1.4.x) ships with all the security tools you need
to configure SSL with Jive
Messenger. The most important is the <tt>keytool</tt> located in the <tt>JAVA_HOME/bin
directory</tt> of the JDK.
Sun JVMs persist keystores and truststores on the filesystem as
encrypted files. The <tt>keytool</tt> is used to
create, read, update, and delete entries in these files. Jive Messenger
ships with a self-signed "dummy" certificate
designed for initial evaluation testing. You will need to adjust the
default configuration for most deployments.
</p>
<p>
In order to configure SSL on your server you need complete the
following tasks:
</p>
<ol>
<li>Decide on your Jive Messenger server's domain.</li>
<li>Create a self-signed SSL server certificate for your server
domain. Note: you may already have one if your Jive Messenger server
domain matches an existing web domain with SSL.
If so, you can skip to step 4.</li>
<li>[Optional] Have a certificate authority (CA) certify the SSL
server certificate.
<ol style="list-style-type: lower-alpha;">
<li>Generate a certificate signing request (CSR).</li>
<li>Submit your CSR to a CA for signing.</li>
</ol>
</li>
<li>Import the server certificate into the keystore. Note: if you are
going to use a self-signed certificate
generated in step 2, the certificate is already imported and you can
skip this step.</li>
<li>Import client certificates into the truststore.</li>
<li>Adjust the Messenger configuration with proper keystore and
truststore settings.</li>
</ol>
<h3>1 Decide on a Server Domain</h3>
<p>
The Messenger server domain should match the host name of the server;
for example, "server.com". Your
user accounts will have addresses with the format "user@server.com"
like email addresses. We'll assume
the domain is "server.com" for the rest of the examples.
</p>
<h3>2 Create a self-signed server certificate</h3>
<p>
In order to create a self-signed server certificate go to the command
line and change directories to the <tt>MESSENGER_HOME/security</tt>
directory. You should see the default
<tt>keystore</tt> and <tt>truststore</tt> files. First, you should
change the default keystore
password:
</p>
<p><tt>keytool -storepasswd -keystore keystore</tt></p>
<p>
keytool will ask for the old password (by default it is <tt>changeit</tt>)
then the new password.
Now we'll create a certificate using the keytool:
</p>
<p><tt>keytool -genkey -keystore keystore -alias server.com</tt></p>
<p>
where you should substitute your server's name for <tt>server.com</tt>.
The keytool will
ask for the store password, then several pieces of information required
for the certificate.
Enter all the information and the keytool will ask you to verify the
information and set
a key password. <b>You must use the same key password as the store
password.</b> By default
you get this by simply hitting 'enter' when prompted for a key
password.
</p>
<h3>3 Obtain a CA signed certificate</h3>
<p>
If you decide to get a CA signed certificate, you must first export the
certificate in the
standard CSR format. You can do this with the keytool:
</p>
<p><tt>keytool -certreq -keystore keystore -alias server.com -file
certificate_file</tt></p>
<p>
Where you should substitute your server's name for <tt>server.com</tt>
and the name of the
certificate file you wish to produce for <tt>certificate_file</tt>.
Submit the generated CSR to the CA and follow their instructions to get
it signed.
</p>
<h3>4 Import server certificates</h3>
<p>
If you had a CA sign your server certificate, or if you have an
existing SSL certificate,
you must import it using the keytool.
</p>
<p><tt>keytool -import -keystore keystore -alias server.com -file
signed_certificate_file</tt></p>
<p>
It is important that the alias not already have an associated key or
you'll receive an error.
</p>
<h3>5 Import client certificates</h3>
<p>
If you require clients to verify themselves using certificates, obtain
their certificates and import them into the truststore file rather than
the keystore. First, you should change the default truststore
password:
</p>
<p><tt>keytool -storepasswd -keystore truststore</tt></p>
<p>
keytool will ask for the old password (by default it is <tt>changeit</tt>)
then the new password.
Now import each certificate using the keytool:
</p>
<p><tt>keytool -import -keystore truststore -alias user_name -file
certificate_file</tt></p>
<h3>6 Configure Messenger</h3>
<p>
Open the Messenger configuration file <tt>MESSENGER_HOME/config/jive-messenger.xml</tt>
in your favorite
editor and change the following settings:
</p>
<ul>
<li>jive.xmpp.socket.ssl.active - set to 'true' to active SSL</li>
<li>jive.xmpp.socket.ssl.port - the port to use for SSL (default is
5223 for XMPP)</li>
<li>jive.xmpp.socket.ssl.storeType - the store type used ("JKS" is
the Sun Java Keystore format used by the JDK keytool).</li>
<li>jive.xmpp.socket.ssl.keystore - The location of the keystore file
relative to the <tt>MESSENGER_HOME</tt> root directory.</li>
<li>jive.xmpp.socket.ssl.keypass - The keystore/key password you
changed in step 2.</li>
<li>jive.xmpp.socket.ssl.truststore - Leave blank to not use a
truststore, otherwise the location of the truststore file relative to
the <tt>MESSENGER_HOME</tt> root directory.</li>
<li>jive.xmpp.socket.ssl.trustpass - The truststore/key password you
changed in step 5.</li>
</ul>
<p>
Below is a sample set up with no truststore.
</p>
<pre><code>
&lt;jive&gt;
&lt;xmpp&gt;
&lt;socket&gt;
&lt;ssl&gt;
&lt;active&gt;true&lt;/active&gt;
&lt;port&gt;5223&lt;/port&gt;
&lt;storeType&gt;JKS&lt;/storeType&gt;
&lt;keystore&gt;security/keystore&lt;/keystore&gt;
&lt;keypass&gt;changeit&lt;/keypass&gt;
&lt;truststore/&gt;
&lt;trustpass/&gt;
&lt;/ssl&gt;
&lt;/socket&gt;
&lt;/xmpp&gt;
&lt;/jive&gt;
</code></pre></body>
</html>
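Review bot: The sample at the end sets keypass to changeit, the default password that step 2 tells the reader to change. Use a placeholder value there so the sample is not copied into a deployment with the default, and mention that the keystore and truststore passwords sit in clear text in jive-messenger.xml, so the file needs restricted permissions. Step 4 also contradicts steps 2 and 3: it imports the signed certificate under -alias server.com, the alias that already holds the key generated in step 2 and used for the CSR in step 3, yet says the alias must "not already have an associated key or you'll receive an error". Clarify which alias the CA-signed certificate goes under. Minor: the introduction and tools section refer to JDK 1.4 while the installation guide requires JDK 1.5 or later, the keystore lives in MESSENGER_HOME/security here but resources/security in the installation guide, and there are typos ("certifcate", "set to 'true' to active SSL", "clients connection to the server").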
BODY {
font-size : 100%;
background-color : #fff;
}
BODY, TD, TH {
font-family : tahoma, arial, helvetica;
font-size : 0.8em;
}
PRE, TT, CODE {
font-family : courier new, monospaced;
font-size : 1.0em;
}
A:hover {
text-decoration : none;
}
LI {
padding-bottom : 4px;
}
H1 {
font-size : 1.4em;
font-weight : bold;
width : 100%;
border-bottom : 1px #ccc solid;
padding-bottom : 2px;
}
H2 {
font-size : 12px;
font-weight : bold;
}
H3 {
font-size : 12px;
font-weight : bold;
}
TT {
font-family : courier new;
font-weight : bold;
color : #060;
}
.subheader {
font-weight : bold;
}
.footer {
font-size : 0.8em;
color : #999;
text-align : center;
width : 100%;
border-top : 1px #ccc solid;
padding-top : 2px;
}
.code {
border : 1px #ccc solid;
padding : 0em 1.0em 0em 1.0em;
margin : 4px 0px 4px 0px;
}
.nav, .nav A {
font-family : verdana;
font-size : 0.85em;
color : #600;
text-decoration : none;
font-weight : bold;
}
.note {
font-family : verdana;
font-size : 0.85em;
color : #600;
text-decoration : none;
font-weight : bold;
}
.nav {
width : 100%;
border-bottom : 1px #ccc solid;
padding : 3px 3px 5px 1px;
}
.nav A:hover {
text-decoration : underline;
}.question {
font-weight: 600;
}
.answer {
font-weight: 300;
}
.toc {
right: 5px;
}
TABLE.dbtable {
border : 1px #ccc solid;
width : 600px;
}
TR, TH {
border-bottom : 1px #ccc solid;
}
TH, TD {
padding-right : 15px;
}
TH {
text-align : left;
white-space : nowrap;
background-color : #eee;
}
.primary-key {
background-color : #ffc;
}
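Review bot: In the PRE, TT, CODE rule, "monospaced" is not a CSS generic font family. The keyword is "monospace", so as written there is no working fallback when Courier New is missing, and the later TT rule lists courier new with no fallback at all. Also put .question on its own line after the closing brace of .nav A:hover, merge the identical .note and ".nav, .nav A" declarations, and note that TABLE.dbtable is not used by the attribute table in the LDAP guide, which has no class attribute.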