ITPub博客

首页 > Linux操作系统 > Linux操作系统 > openfire安装及ssl配置

openfire安装及ssl配置

原创 Linux操作系统 作者:wzy25 时间:2019-04-28 17:48:06 0 删除 编辑
研究了一下openfire在linux下面的安装,最后建成一个企业用的及时通讯系统,还不错。。。 可以和现有的ldap做集成,不用在新建用户了
1.下载openfire 3.3.3 http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.3.3-1.i386.rpm 2.下载 spark (客户端) http://www.igniterealtime.org/downloadServlet?filename=spark/spark_2_5_7.exe 3.安装open fire 切换到root用户 rpm -ivh openfire-3.3.3-1.i386.rpm 会安装在 /opt/openfire目录 4.设置database copy ojdbc14.jar /opt/openfire/lib 创建openfire用户 create user openfire identified by openfire; grant connect,resouce to openfire; 执行创建数据库脚本 用openfire用户执行/opt/openfire/resources/database/openfire_oracle.sql 脚本 sqlplus openfire/openfire @/opt/openfire/resources/database/openfire_oracle.sql 5.执行openfire,进行配置 /etc/init.d/openfire start 6.配置 (图没了??) 7.配置SSL 假设域名为 picclife.cn cd /opt/openfire/resources/security export PATH=/opt/openfire/jre/bin:$PATH 修改ssl keystore密码 [root@devdb01 security]# keytool -storepasswd -keystore keystore Enter keystore password: New keystore password: Re-enter new keystore password: 第一次输入原来的密码 changeit keytool -storepasswd -keystore truststore 生成证书: keytool -genkey -keystore keystore -alias picclife.cn [root@devdb01 security]# keytool -genkey -keystore keystore -alias picclife.cn Enter keystore password: What is your first and last name? [Unknown]: wzy What is the name of your organizational unit? [Unknown]: picclife What is the name of your organization? [Unknown]: picc What is the name of your City or Locality? [Unknown]: bj What is the name of your State or Province? [Unknown]: beijing What is the two-letter country code for this unit? [Unknown]: cn Is CN=wzy, OU=picclife, O=picc, L=bj, ST=beijing, C=cn correct? [no]: yes Enter key password for (RETURN if same as keystore password): 删除原来的证书 keytool -delete -keystore keystore -alias rsa keytool -delete -keystore keystore -alias dsa 设置openfire Open the Openfire Admin Console in your favorite browser and add or change the following system properties: xmpp.socket.ssl.active -- set to 'true' to active SSL xmpp.socket.ssl.port -- the port to use for SSL (default is 5223 for XMPP) xmpp.socket.ssl.storeType -- the store type used ("JKS" is the Sun Java Keystore format used by the JDK keytool). If this property is not defined, Openfire will assume a value of "jks". xmpp.socket.ssl.keystore -- the location of the keystore file relative to your Openfire installation root directory. You can leave this property blank to use the default keystore. xmpp.socket.ssl.keypass -- the keystore/key password you changed in step 2. xmpp.socket.ssl.truststore -- leave blank to not use a truststore, otherwise the location of the truststore file relative to your Openfire installation root directory. xmpp.socket.ssl.trustpass -- the truststore/key password you changed in step 6. 重启openfire。 注意事项: 要让客户端强行使用SSL,需要在服务器上面配置 客户端安全联接 非必须 - 客户端可以使用安全方式联接到服务器。 必须 - 客户端仅使用安全方式联接到服务器。 自定义 - 高级配置 然后配置spark客户端,让其使用自动发现主机和端口。

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/3618/viewspace-485577/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论

注册时间:2001-12-14

  • 博文量
    1011
  • 访问量
    773251