I want to enable passwordless authentication in Converse.js, using CA signed certificates, but I am having troubles with it. Here is what I've done:

• Added the CA in the truststore for OpenFire;
• Added the OpenFire certificate in its keystore;
• Created a client valid and signed certificate.

I have also set some properties in the OpenFire server, i.e., sasl.mechs: EXTERNAL, xmpp.client.certificate.verify: true and xmpp.client.cert.policy: wanted.

My converse script looks like:

converse.initialize({
    bosh_service_url: 'https://localhost:7443/http-bind/',
    authentication: 'external',
    show_controlbox_by_default: true,
    debug: true,
});

As from this blog post, I expected the browser to request the user to provide the certificate with a popup, but I keep getting:

Failed to load resource: net::ERR_CERT_AUTHORITY_INVALID

Any help will be appreciated.