[jdev] wildcards vs. multiple certs

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Wed Aug 26 15:39:10 CDT 2009

On Wednesday 26 August 2009 13:31:13 Peter Saint-Andre wrote:
> As a result, it is possible that admins might feel the need to request
> multiple Class 1 certs in order to deploy an XMPP service (if they are
> not able to obtain a Class 2 certificate). For example, at the
> jabber.org service we might use one Class 1 certificate for the domain
> name "jabber.org" and another Class 1 certificate for the domain name
> "conference.jabber.org". This would require our XMPP server software to
> present the "jabber.org" certificate when a peer server attempts to open
> an s2s connection to the jabber.org domain, whereas it would present the
> "conference.jabber.org" certificate when someone from a peer server
> attempts to join a chatroom at the conference.jabber.org MUC service. I
> do not know of any XMPP server software that can present two (or more)
> different certs for s2s connections depending on the domain name
> specified by the peer server.

You can put many names into one cert.  For a short set of domains, this ought 
to be practical.


More information about the JDev mailing list