The default trust store does not include Startcom's root CA certificate, and so trying to add ssl certificates using the web interface will fail. To rectify this, the root CA certificate must be added to the trust store manually.
Now it should be possible to import the signed certificates. First, delete any self-signed certificates from the <tt>security certificates</tt> page of the openfire webui. Once the keystore is empty, start the import process. The private key should be in PEM format, and may or may not be encrypted; if it is, supply the passphrase, else leave the box blank. The certificate box should be filled with the entire chain of server and intermediate ca certificates in PEM format.
After the import completes, openfire will ask you to restart the HTTPS service for the new certificates to take effect. TLS jabber connections should also now work.