Openfire icon showing red with SSL configured and behind a load balancer

Version 1

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Remedy with Smart IT



    PROBLEM:

    When logging in to Smart IT, the chat icon remains red in an environment configured with SSL and a load balancer.


    CAUSE:

    SSL certificate is corrupt or invalid


    SOLUTION:

    First, observe which calls are being made by using an F12 network capture.
    - Check that the values for chat are properly configured in the Centralized Configuration for the load balancer
    - Validate that the parameters are also properly configured inside the Openfire Admin Console for the load balancer

    For CCS, check the values below:
    chat.server.admin.login: <admin>
    chat.server.admin.password: <password of admin user>
    chat.server.admin.pool.size: 6
    chat.server.boshUrl: http://<smartit.fqdn>:7070/http-bind/
    chat.server.client.port: 5222
    chat.server.cm.host: <smartitserver.fqdn> OR <loadbalancer.fqdn resolving to SmartIT servers>
    chat.server.domain: <smartitserver.fqdn> OR <loadbalancer.fqdn resolving to SmartIT servers>
    chat.server.groupChatService: conference

    In the Openfire Admin Console -> Server -> Server Manager -> System Properties, ensure the parameters below are correct.
     

    Property Name- provider.auth.className
    Property Value- org.jivesoftware.openfire.auth.HybridAuthProvider

    Property Name- xmpp.domain
    Property Value- <smartichat.fqdn>

    Property Name- xmpp.fqdn
    Property Value- FQDN of the Openfire Server

    Property Name- hybridAuthProvider.primaryProvider.className
    Property Value- org.jivesoftware.openfire.auth.DefaultAuthProvider

      

    Property Name- hybridAuthProvider.secondaryProvider.className
    Property Value- com.bmc.bsm.galileo.chat.openfire.AuthPlugin

      

    Property Name- provider.auth.authResource
    Property Value- <loadbalancerurl>/ux/rest/users/chat/

    - Enable the Openfire logs in debug mode and restart the services

      
    In this specific use case we were able to observe SSL-related issues in the Openfire logs. To confirm that this is not an LB issue, we tried connecting Smart IT and Openfire using the direct server host instead of the LB. But we were getting errors, as the SSL certificates that they had were generated for the LB host.

    We have asked the customer to follow https://docs.bmc.com/docs/smartit1805/enabling-ssl-for-openfire-chat-server-803118141.html for importing the certificate. (Customers can import it directly from the Openfire admin console or using the keystore explorer.)

    Solution:

    With keytool they imported the bnsf keystore to the Root Certificate Authority. 
    /opt/remedy/java/jdk/bin/keytool -importcert -trustcacerts -alias bnsfca2 -file /opt/remedy/src/bnsfCert2.cer -keystore /opt/remedy/java/jdk/jre/lib/security/cacerts 
    We didn't have to touch the /openfire/resources/security/.keystore file. 

    Once the import was done we restarted Smart IT and Openfire. It turned green and the issue got solved. 
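
The direct-host test described above failed because the certificates were issued for the LB host name. The following is an added example, not part of the BMC article: it checks whether the certificate an endpoint presents covers the name you connect by, and whether a CA alias is present in a Java truststore. Function names, host names and the port are assumptions.

```shell
#!/bin/sh
# Added example. Hosts, port and paths passed in are placeholders you supply.

# san_covers HOST SAN_LINE
# Succeeds if HOST matches a DNS entry in an openssl-style SAN line such as
# "DNS:lb.example.com, DNS:*.example.com". A wildcard covers one label only.
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$2" | tr 'A-Z,' 'a-z\n' | (
        while read -r entry; do
            case $entry in
                dns:*) name=${entry#dns:} ;;
                *) continue ;;              # skip IP/e-mail entries and headers
            esac
            if [ "$name" = "$host" ]; then exit 0; fi
            case $name in
                \*.*)
                    parent=${host#*.}       # host minus its left-most label
                    if [ "$parent" != "$host" ] && [ "$parent" = "${name#\*.}" ]; then
                        exit 0
                    fi ;;
            esac
        done
        exit 1
    )
}

# endpoint_sans HOST PORT: print the SAN line of the certificate served there.
endpoint_sans() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName 2>/dev/null | grep -i 'DNS:'
}

# truststore_has_alias KEYSTORE ALIAS: keytool prompts for the store password
# and exits non-zero when the alias is missing.
truststore_has_alias() {
    keytool -list -keystore "$1" -alias "$2"
}

# check_chat_tls HOST PORT: run it once with the LB name, once with the direct host.
check_chat_tls() {
    sans=$(endpoint_sans "$1" "$2") || { echo "no certificate/SAN from $1:$2" >&2; return 2; }
    if san_covers "$1" "$sans"; then
        echo "OK: $1 is covered by:$sans"
    else
        echo "MISMATCH: $1 is not covered by:$sans" >&2; return 1
    fi
}
```

A mismatch for the direct host combined with a match for the LB name reproduces what the article observed; `truststore_has_alias` confirms the `keytool -importcert` step took effect before the services are restarted.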
      

     


    Article Number:

    000189187


    Article Type:

    Solutions to a Product Problem


