Certificate Manager Plugin Readme


The Certificate Manager plugin adds functionality to Openfire that relates to administration of its certificate stores.


Copy certificatemanager.jar into the plugins directory of your Openfire installation. The plugin will then be automatically deployed. To upgrade to a new version, copy the new certificatemanager.jar file over the existing file.


The plugin is configured via the Openfire Admin Console. After installation, a new Admin Console page is available. The page can be found under in the "Server", "TLS/SSL Certificates" tab. There, this plugin adds a new item on the side-bar, named "Management".

Using the Plugin

This plugin allows Openfire to monitor file changes in a particular directory (which, by default, is <OPENFIRE_HOME>/resources/security/hotdeploy/). Whenever a set of files is found that consists of a PEM-encoded private key and a PEM-encoded certificate chain, this plugin will attempt to install them in the Openfire identity store.

Let's Encrypt / Certbot integration

The directory watcher mechanism, described above, is an excellent way to make use of the periodically updated data that's generated by Let's Encrypts Certbot. Openfire can be configured to monitor the directory in which certbot places renewed data. This can, however, lead to file-permission issues (the certbot directories are often not readable by the Openfire process). An alternative solution is to use certbots post-hook to copy the data into a directory that can be used by Openfire.


The icon used in this plugin is designed by Flaticon.