研究了一下openfire在linux下面的安装，最后建成一个企业用的及时通讯系统，还不错。。。

可以和现有的ldap做集成，不用在新建用户了

1.下载openfire 3.3.3

2.下载 spark (客户端)

3.安装open fire

切换到root用户

rpm -ivh openfire-3.3.3-1.i386.rpm

会安装在 /opt/openfire目录

4.设置database

copy ojdbc14.jar /opt/openfire/lib

创建openfire用户

create user openfire identified by openfire;

grant connect,resouce to openfire;

执行创建数据库脚本

用openfire用户执行/opt/openfire/resources/database/openfire_oracle.sql 脚本

sqlplus openfire/openfire

@/opt/openfire/resources/database/openfire_oracle.sql

5.执行openfire，进行配置

/etc/init.d/openfire start

6.配置

(图没了？？)

7.配置SSL

假设域名为 picclife.cn

cd /opt/openfire/resources/security

export PATH=/opt/openfire/jre/bin:$PATH

修改ssl keystore密码

[root@devdb01 security]# keytool -storepasswd -keystore keystore

Enter keystore password:

New keystore password:

Re-enter new keystore password:

第一次输入原来的密码 changeit

keytool -storepasswd -keystore truststore

生成证书：

keytool -genkey -keystore keystore -alias picclife.cn

[root@devdb01 security]# keytool -genkey -keystore keystore -alias picclife.cn

Enter keystore password:

What is your first and last name?

[Unknown]: wzy

What is the name of your organizational unit?

[Unknown]: picclife

What is the name of your organization?

[Unknown]: picc

What is the name of your City or Locality?

[Unknown]: bj

What is the name of your State or Province?

[Unknown]: beijing

What is the two-letter country code for this unit?

[Unknown]: cn

Is CN=wzy, OU=picclife, O=picc, L=bj, ST=beijing, C=cn correct?

[no]: yes

Enter key password for

(RETURN if same as keystore password):

删除原来的证书

keytool -delete -keystore keystore -alias rsa

keytool -delete -keystore keystore -alias dsa

设置openfire

Open the Openfire Admin Console in your favorite browser and add or change the following system properties:

xmpp.socket.ssl.active -- set to 'true' to active SSL

xmpp.socket.ssl.port -- the port to use for SSL (default is 5223 for XMPP)

xmpp.socket.ssl.storeType -- the store type used ("JKS" is the Sun Java Keystore format used by the JDK keytool). If this property is not defined, Openfire will assume a value of "jks".

xmpp.socket.ssl.keystore -- the location of the keystore file relative to your Openfire installation root directory. You can leave this property blank to use the default keystore.

xmpp.socket.ssl.keypass -- the keystore/key password you changed in step 2.

xmpp.socket.ssl.truststore -- leave blank to not use a truststore, otherwise the location of the truststore file relative to your Openfire installation root directory.

xmpp.socket.ssl.trustpass -- the truststore/key password you changed in step 6.

重启openfire。

注意事项：

要让客户端强行使用SSL，需要在服务器上面配置

客户端安全联接

非必须 - 客户端可以使用安全方式联接到服务器。

必须 - 客户端仅使用安全方式联接到服务器。

自定义 - 高级配置

然后配置spark客户端，让其使用自动发现主机和端口。

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/3618/viewspace-485577/，如需转载，请注明出处，否则将追究法律责任。