SSL settings page should deal with empty/corrupt keystore
Description
Activity

Daniel Henninger January 15, 2008 at 6:06 AM
If you simply do echo 1 > keystore, totally blitzes the interface too. Good to know. I'm thinking about popping up a screen that says "the keystore appears to be corrupt" or something like that with the ability to totally overwrite the current keystore with something built by Openfire.

Stephan Wienczny April 6, 2007 at 11:18 PM
I need to have a key different to the one that Openfire creates to get it certified by my CA. Creating an RSA key using keytool and certifying it breaks Openfire.
This patch should change the behavior of Openfire to not crash when trying to create a CSR.
Index: src/java/org/jivesoftware/util/CertificateManager.java
===================================================================
— src/java/org/jivesoftware/util/CertificateManager.java (revision 7909)
+++ src/java/org/jivesoftware/util/CertificateManager.java (working copy)
@@ -326,9 +326,15 @@
PublicKey pubKey = cert.getPublicKey();
String signatureAlgorithm = "DSA".equals(pubKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA";
+
+ PKCS10CertificationRequest csr = null;
PKCS10CertificationRequest csr =
new PKCS10CertificationRequest(signatureAlgorithm, xname, pubKey, null, privKey);
+ try {
+ csr = new PKCS10CertificationRequest(signatureAlgorithm, xname, pubKey, null, privKey);
+ } catch (InvalidKeyException ive) {
+ sb.append("Cannot create certificate request.");
+ return sb.toString();
+ }
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream deros = new DEROutputStream(baos);
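Review bot: the new catch block for InvalidKeyException returns sb.toString() with "Cannot create certificate request." appended, so the caller receives an ordinary string on the same path as a successful CSR and cannot tell the two apart, and the exception ive is dropped without being logged. Suggest logging ive and signalling the failure explicitly (rethrow a checked exception, or return null and document it) so the calling page can report the error. Separately, the context line above still selects "MD5withRSA" for every non-DSA key; since this change is motivated by CA-signed RSA keys, a SHA-based signature algorithm would be a better choice for the request.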
The SSL settings page should deal with an empty or corrupt keystore correctly. Right now, the page simply breaks.