It would be interesting to compare it with ejabberd in Erlang.
indeed. I’ve used ejabberd as well as openfire in the past. Cert-Handling (as an example) was hell with openfire.
Surely there is some good solution by now for the mess that is (was?) certificate trust stores on JVM based languages?
Not that I’ve found. You have to live with keytool.