Openfire icon showing red with SSL configured and behind a load balancer

Version 1

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    Remedy with Smart IT


    When logging in to Smart IT the chat icon remains red in a configuration of SSL and Load Balancer environment


    SSL certificate is corrupt or invalid


    First, observe which calls are being made using the browser's F12 network capture.
    -Check that the values for chat are properly configured in the Centralized Configuration for the load balancer
    -Validate the parameters are also properly configured inside the Openfire Admin Console for the load balancer

    For CCS, check the values below:
    chat.server.admin.login : <admin>
    chat.server.admin.password: <password of admin user>
    chat.server.admin.pool.size: 6
    chat.server.boshUrl: http://<smartit.fqdn>:7070/http-bind/
    chat.server.client.port: 5222 <smartitserver.fqdn> OR <loadbalancer.fqdn resolving to SmartIT servers>
    chat.server.domain: <smartitserver.fqdn> OR <loadbalancer.fqdn resolving to SmartIT servers>
    chat.server.groupChatService: conference

    For Openfire Admin Console -> Server -> Server Manager -> System Properties, ensure the parameters below are correct.

    Property Name- provider.auth.className
    Property Value- org.jivesoftware.openfire.auth.HybridAuthProvider

    Property Name- xmpp.domain
    Property Value- <smartichat.fqdn>

    Property Name- xmpp.fqdn
    Property Value- FQDN of the Openfire Server

    Property Name- hybridAuthProvider.primaryProvider.className
    Property Value- org.jivesoftware.openfire.auth.DefaultAuthProvider


    Property Name- hybridAuthProvider.secondaryProvider.className
    Property Value-


    Property Name- provider.auth.authResource
    Property Value- <loadbalancerurl>/ux/rest/users/chat/

    -Enable the Openfire logs in debug mode and restart the services

    In this specific use case we were able to observe SSL-related issues in the Openfire logs. To confirm that this was not an LB issue, we tried connecting Smart IT and Openfire using the direct server host instead of the LB. But we were getting errors, as the SSL certificates that they had were generated for the LB host.

    We have asked the customer to follow : for importing the certificate. (Customers can import it directly from the openfire admin console or using the keystore explorer) 


    With keytool they imported the bnsf keystore to the Root Certificate Authority. 
    /opt/remedy/java/jdk/bin/keytool -importcert -trustcacerts -alias bnsfca2 -file /opt/remedy/src/bnsfCert2.cer -keystore /opt/remedy/java/jdk/jre/lib/security/cacerts 
    We didn't have to touch the /openfire/resources/security/.keystore file. 

    Once the import was done we restarted Smart IT and Openfire. It turned green and the issue got solved. 
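
The direct-host test described above failed because the certificate was issued for the load balancer name. The following script is an added example, not part of the BMC article: it checks whether the certificate served at a given host and TLS port names that host in its subjectAltName. The function names, the port argument and the sample host names are assumptions, and `-ext` requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the article). Only SAN DNS entries are checked;
# the subject CN is not considered, which is a simplification.

# san_covers_host HOST SAN_TEXT
# SAN_TEXT is the output of `openssl x509 -noout -ext subjectAltName`.
# Returns 0 if HOST matches a DNS entry, 1 otherwise.
# The body is a subshell so that `set -f` and the variables stay local.
san_covers_host() (
  set -f   # SAN entries may contain "*"; never expand them as file globs
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  for entry in $(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | tr ',' ' '); do
    case "$entry" in
      dns:*) name=${entry#dns:} ;;
      *) continue ;;            # header words, IP: entries, etc.
    esac
    if [ "$name" = "$host" ]; then exit 0; fi
    case "$name" in
      '*.'*)
        # A wildcard stands for exactly one left-most label.
        case "$host" in
          *.*) if [ "${host#*.}" = "${name#\*.}" ]; then exit 0; fi ;;
        esac ;;
    esac
  done
  exit 1
)

# peer_sans HOST PORT: print the SAN extension of the certificate served there.
peer_sans() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -ext subjectAltName
}

# Usage: sh check_san.sh <host-the-client-connects-to> <tls-port>
# Run once with the load balancer name and once with the direct server name.
if [ "$#" -eq 2 ]; then
  if san_covers_host "$1" "$(peer_sans "$1" "$2")"; then
    echo "OK: certificate names $1"
  else
    echo "MISMATCH: certificate does not name $1"
  fi
fi
```

A MISMATCH for the direct server name combined with OK for the load balancer name reproduces the situation in this article, where the certificates had been generated for the LB host.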


    Article Type:

    Solutions to a Product Problem
