OpenFire Federation & Certificate Issue

    Question

  • I am in the process of federating a test OCS deployment with OpenFire. Unfortunately, after setting up the XMPP gateway, I find that TLS errors are occurring on the Edge Server. When running the validation test, I get an error under the Direct Partner Configuration section:

    Direct Partner ocsxmpp.mydomain.com:
    TLS Handshake Failed: Remote disconnected while incoming TLS negotiation was in progress

    At this point, I have verified that the certificate installed on the XMPP gateway has a subject name that matches the FQDN of the gateway server. I also ran the validation test on the SIP-side of the XMPP gateway, which somehow passes successfully.

    Does anyone know what the problem could be? Any suggestions? Has anyone successfully federated OCS to OpenFire?

    Monday, February 15, 2010 8:42 PM

All replies

  • Is the certificate authority from which the Access Edge Certificate is issued trusted on the OpenFire server?
    Mark King | C/D/H | MCTS:OCS | MCSE: Messaging | MCITP:Enterprise Administrator | CCNA
    Tuesday, February 16, 2010 7:43 PM
  • Yes, the CA Cert has been installed on the OpenFire server.

    With closer inspection, it seems that there are multiple problems here. I am simply trying to address the Edge - XMPP Gateway connectivity first.

    At this point, both the Edge and XMPP Gateway have the CA cert installed. Additionally, it seems that the cert for the Edge external IP matches the FQDN. The cert for the XMPP gateway also matches its FQDN.
    Wednesday, February 17, 2010 3:20 PM
  • Validation using the Edge connectivity wizard will yield failures but you can ignore that because it actually works.

    On the Openfire side, if the server session shows no incoming status, set server-to-server security to custom with no TLS. If you managed to get it to work with security required, do let me know. I am still figuring this one out.
    Tuesday, March 16, 2010 11:38 AM
  • Thanks Farzin - Nextplane seems like a decent alternative.

    Do you know if the SIP/SIMPLE gateway on the OpenFire server can work with the OCS edge?

    Saturday, March 20, 2010 7:46 PM