server2server.settings.boxinfo=Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).
server2server.settings.label_disable=Disabled
server2server.settings.label_disable_info=Remote servers are not allowed to exchange packets with this server.
server2server.settings.label_enable=Enabled
server2server.settings.label_enable_info=Remote servers can exchange packets with this server on port
server2server.settings.label_port=Port number
server2server.settings.valid.port=Please enter a valid port.
component.settings.plaintext.info=Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).
component.settings.legacymode.info=Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.
connection.advanced.settings.clientauth.info=In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.
connection.advanced.settings.clientauth.label_disabled=<b>Disabled</b> - Peer certificates are not verified.
connection.advanced.settings.clientauth.label_wanted=<b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.
connection.advanced.settings.clientauth.label_needed=<b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.
connection.advanced.settings.certchain.info=These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.
connection.advanced.settings.certchain.label_selfsigned=Allow peer certificates to be self-signed.
connection.advanced.settings.certchain.label_validity=Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).
connection.advanced.settings.protocols.info=These are all encryption protocols that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.
connection.advanced.settings.protocols.sslv2hello.info=When setting up a new encrypted connection some encryption protocols allow you to have part of the handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this encapsulation. When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format, and all outgoing data (which applies to outbound server-to-server connections) will conform to the SSLv3/TLSv1 format.
connection.advanced.settings.ciphersuites.info=These are all encryption cipher suites that this instance of Openfire supports. Those in the list on the left are enabled, and can be used to establish an encrypted connection. Removing all values from that list will cause a default to be restored.
ssl.settings.client.plaintext.info=Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).
ssl.settings.client.legacymode.info=Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.
ssl.certificates.store-management.info-1=Certificates are used (through TLS and SSL protocols) to establish secure connections between servers and clients. When a secured connection is being created, parties can retrieve a certificate from the other party and (amongst others) examine the issuer of those certificates. If the issuer is trusted, a secured layer of communication can be established.
ssl.certificates.store-management.info-2=Certificates are kept in specialized repositories, or 'stores'. Openfire provides two types of stores: <ul><li><em>Identity stores</em> are used to store certificates that identify this instance of Openfire. On request, they certificates from these stores are transmitted to other parties which use them to identify your server. </li> <li><em>Trust stores</em> contain certificates that identify parties that you choose to trust. Trust stores often do not include the certificate from the remote party directly, but instead holds certificates from organizations that are trusted to identify the certificate of the remote party. Such organizations are commonly referred to as "Certificate Authorities".</li></ul>
ssl.certificates.store-management.info-3=This section of the admin panel is dedicated to management of the various key and trust stores that act as repositories for sets of security certificates. By default, a small set of stores is re-used for various purposes, but Openfire allows you to configure a distinct set of stores for each connection type.
ssl.certificates.store-management.socket-c2s-stores.info=These stores are used for regular, TCP-based client-to-server XMPP communication. Two stores are provided\:one identity store and a trust store. Openfire ships with an empty trust store, as in typical environments, certificate-based authentication of clients is not required.
ssl.certificates.store-management.socket-s2s-stores.info=These stores are used for erver-to-server XMPP communication, which establishes server federation. Two stores are provided\:one identity store and a trust store. Openfire ships with a trust store filled with certificates of generally accepted certificate authorities.
ssl.certificates.store-management.bosh-c2s-stores.info=These stores are used for BOSH-based XMPP communication. Two stores are provided\:an identity store and a client trust store.
ssl.certificates.store-management.admin-console-stores.info=These stores are used for the web-based admin console (you're looking at it right now\!). Again, two stores are provided an identity store and a trust store (used for optional authentication of browsers that use the admin panel).
ssl.certificates.store-management.connection-manager-stores.info=These stores are used to establish connections with Openfire Connection Managers.ssl.certificates.store-management.socket-s2s-stores.title=Server Federation Stores
ssl.certificates.store-management.manage=Manage Store Contents
# Openfire Certificates Page
...
...
@@ -2275,27 +2344,6 @@ ssl.signing-request.requests_info=Below you will find the signing requests gener
certificate-management.connectionType.SOCKETBASED_IDENTITYSTORE.title=Identity Store (socket)
certificate-management.connectionType.SOCKETBASED_IDENTITYSTORE.description=This store contains certificates that identify this Openfire instance, used for plain socket-based connections.
certificate-management.connectionType.SOCKETBASED_S2S_TRUSTSTORE.title=Server-to-Server Trust Store (socket)
certificate-management.connectionType.SOCKETBASED_S2S_TRUSTSTORE.description=This store contains certificates of security authorities that are trusted to identify other XMPP servers. These certificates are used during server-to-server federation via plain socket-based connections.
certificate-management.connectionType.SOCKETBASED_C2S_TRUSTSTORE.title=Client-to-Server Trust Store (socket)
certificate-management.connectionType.SOCKETBASED_C2S_TRUSTSTORE.description=This store contains certificates of security authorities that are trusted to identify XMPP clients. These certificates are used during mutual authentication via plain socket-based connections.
certificate-management.connectionType.BOSHBASED_IDENTITYSTORE.title=Identity Store (BOSH/HTTP-bind)
certificate-management.connectionType.BOSHBASED_IDENTITYSTORE.description=This store contains certificates that identify this Openfire instance, used for BOSH (HTTP-bind) connections.
certificate-management.connectionType.BOSHBASED_C2S_TRUSTSTORE.title=Client-to-Server Trust Store (BOSH/HTTP-bind)
certificate-management.connectionType.BOSHBASED_C2S_TRUSTSTORE.description=This store contains certificates of security authorities that are trusted to identify XMPP clients. These certificates are used during mutual authentication via BOSH (HTTP-bind) connections.
certificate-management.connectionType.ADMINISTRATIVE_IDENTITYSTORE.title=Administrative Identity Store
certificate-management.connectionType.ADMINISTRATIVE_IDENTITYSTORE.description=This store contains certificates that identify this Openfire instance, used for connections to administrative services (eg: user providers).
certificate-management.connectionType.ADMINISTRATIVE_TRUSTSTORE.title=Administrative Trust Store
certificate-management.connectionType.ADMINISTRATIVE_TRUSTSTORE.description=This store contains certificates of security authorities that are trusted to identify applications/servers that provide administrative functionality (eg: user providers).
certificate-management.connectionType.WEBADMIN_IDENTITYSTORE.title=Admin Panel Identity Store
certificate-management.connectionType.WEBADMIN_IDENTITYSTORE.description=This store contains certificates that identify this Openfire instance, used by the Web-Admin panel (when accessed via HTTPS).
certificate-management.connectionType.WEBADMIN_TRUSTSTORE.title=Admin Panel Trust Store
certificate-management.connectionType.WEBADMIN_TRUSTSTORE.description=This store contains certificates of security authorities that are trusted to identify parties that wish to interact with the Openfire Web-Admin.
# Restart HTTP server
server-restart.title=HTTP Server Restart
...
...
@@ -2967,7 +3015,11 @@ ssl.import.certificate.keystore.info=Use the form below to import a private key
ssl.import.certificate.keystore.boxtitle=Import Private Key and Certificate
ssl.import.certificate.keystore.pass-phrase=Pass Phrase used for creating Private Key:
ssl.import.certificate.keystore.private-key=Content of Private Key file:
ssl.import.certificate.keystore.certificate.info=Please provide the PEM representation of the certificate chain that represents the identity of Openfire. Note that the certificate chain must be based on the private key provided above.
ssl.import.certificate.keystore.error.private-key=Please specify the content of the private key.
ssl.import.certificate.keystore.error.certificate=Please specify the content of the certificate to import.
ssl.import.certificate.keystore.error.import=There was an error while trying to import the private key and signed certificate.
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<inputtype="checkbox"name="accept-self-signed-certificates"id="accept-self-signed-certificates"${configuration.acceptSelfSignedCertificates?'checked':''}/><labelfor="accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
<inputtype="checkbox"name="verify-certificate-validity"id="verify-certificate-validity"${configuration.verifyCertificateValidity?'checked':''}/><labelfor="verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
<p>These are all encryption protocols that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.</p>
<p>These are all encryption cipher suites that this instance of Openfire supports. Those in the list on the left are enabled, and can be used to establish an encrypted connection. Removing all values from that list will cause a default to be restored.</p>
<p>Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).</p>
<p>Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.</p>
<p>Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).</p>
<p>Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.</p>
<p>Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).</p>
<p>Please provide the PEM representation of the certificate chain that represents the identity of Openfire. Note that the certificate chain must be based on the private key provided above.</p>