[jdev] wildcards vs. multiple certs

Peter Saint-Andre stpeter at stpeter.im
Wed Aug 26 15:50:46 CDT 2009

Hash: SHA1

On 8/26/09 2:39 PM, Justin Karneges wrote:
> On Wednesday 26 August 2009 13:31:13 Peter Saint-Andre wrote:
>> As a result, it is possible that admins might feel the need to request
>> multiple Class 1 certs in order to deploy an XMPP service (if they are
>> not able to obtain a Class 2 certificate). For example, at the
>> jabber.org service we might use one Class 1 certificate for the domain
>> name "jabber.org" and another Class 1 certificate for the domain name
>> "conference.jabber.org". This would require our XMPP server software to
>> present the "jabber.org" certificate when a peer server attempts to open
>> an s2s connection to the jabber.org domain, whereas it would present the
>> "conference.jabber.org" certificate when someone from a peer server
>> attempts to join a chatroom at the conference.jabber.org MUC service. I
>> do not know of any XMPP server software that can present two (or more)
>> different certs for s2s connections depending on the domain name
>> specified by the peer server.
> You can put many names into one cert.  For a short set of domains, this ought 
> to be practical.

True, as long as your CA honors the CSR you provide. So perhaps this is
a non-issue...


- --
Peter Saint-Andre

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the JDev mailing list