[jadmin] Jabber2 virtual hosting with ssl problem

oliver bril oliver_bril at hotmail.com
Fri Oct 6 08:40:16 CDT 2006 

Gerhard,

Thanx, this has put me in the right direction, I have tried to create a 
self-signed certificate with one Common Name and 2 subjectAltNames. The 
certificate was ok (although it seems ok, no errors while creating).

Only problem was that the jabber client (in my case exodus) couldn't handle 
the certificate, I still got the error on the domain name.  As far as I 
could find out jabberd2 didn't have any problems with it.

Therefore I tried to create a certificate with multiple common names and 
this seems to work. As far as I could read this was not the most beautiful 
solution but I need something.

I still have to try the option with only subjectAltNames.

Someone any idea for building a proxy like I mentioned earlier before?

Regards,
Oliver



>From: Blacky Gray <blackyfromgray at gmx.net>
>Reply-To: Jabber server administration list <jadmin at jabber.org>
>To: jadmin at jabber.org
>Subject: Re: [jadmin] Jabber2 virtual hosting with ssl problem
>Date: Thu, 5 Oct 2006 22:48:31 +0200
>
>Hi,
>
>You can put all your virtual hostnames into one certificate. The additional
>domain names must be added in subjectAltName Extensions.
>
>see:
>http://wiki.cacert.org/wiki/VhostTaskForce?highlight=%28host%29%7C%28virtual%29#head-f7f4c7599aef8b22de373b0922b39f4e75e95db4
>
>Regards,
>Gerhard
>
>
>Am Donnerstag, 5. Oktober 2006 16:34 schrieb oliver bril:
> > Hello,
> >
> > I have got jabberd2 up and running with multiple virtual hosts. This all
> > runs fine. Now i'm trying to secure the server with ssl. I found out 
>that
> > you can only add one ssl certificate. This is a problem because now all
> > domains (except one) gives an ssl error that the ssl certificate doesn't
> > matches the domain.
> >
> > Now i read something about wildcard ssl certificates. But when i create 
>a
> > self-signed wildcard certificate by just putting *.domain.com in the CN
> > this doesn't solve the problem. (i use openssl)
> >
> > Has someone experience with wildcard ssl certificates within jabberd2? 
>or
> > does someone know any other solutions to solve this problem?
> >
> > Other solution where i was thinking about was the following:
> >
> > jabber-client --ssl--> proxy --non-ssl--> jabber server.
> >
> > But as far as i could find out there is no client which can handle ssl
> > towards a proxy (also no browser supports this).
> >
> > What i am trying to accomplish is that the jabber server with multiple
> > domains is securely reachable from the internet.
> >
> > Hope someone can help me out.
> >
> > Regards,
> > Oliver
> >
> > _________________________________________________________________
> > Live Search, for accurate results! http://www.live.nl
> >
> > _______________________________________________
> > JAdmin mailing list
> > JAdmin at jabber.org
> > http://mail.jabber.org/mailman/listinfo/jadmin
> > FAQ: http://www.jabber.org/about/jadminfaq.shtml
> > _______________________________________________
>_______________________________________________
>JAdmin mailing list
>JAdmin at jabber.org
>http://mail.jabber.org/mailman/listinfo/jadmin
>FAQ: http://www.jabber.org/about/jadminfaq.shtml
>_______________________________________________

_________________________________________________________________
Live Search, for accurate results! http://www.live.nl

More information about the JAdmin mailing list