[Operators] domain hosting and certificates

Jesse Thompson jesse.thompson at doit.wisc.edu
Tue Mar 4 08:00:45 CST 2008


Andreas Monitzer wrote:
> On Mar 04, 2008, at 13:58, Jesse Thompson wrote:
> 
>> I've tried to get an XMPP ICA wildcard certificate to work for 
>> wisc.edu and subdomain.wisc.edu, but it looks like the clients (Psi 
>> and Adium) don't treat it as valid.  I don't know if this is a bug 
>> with the client(s), the server (ejabberd), or the XMPP ICA.
> 
> Hi,
> 
> I'm the developer of the Adium TLS plugin and certificate checking code. 
> Adium should be able to verify wildcard certificates, I even used one 
> while testing the implementation.
> What's the error message from the certificate check? It's written in red 
> when you request more information in the certificate warning dialog.

My bad.  Adium works as expected with wildcard certificates.  I was 
specifying a connect server during my testing, which caused Adium to 
validate the certificate against the server, not the domain.

The only other client I've tested is Psi (which is the client that we 
recommend to users) and it doesn't accept the wildcard certificate as 
valid for the domain even if I don't manually specify the connect server.

Jesse

-- 
   Jesse Thompson
   Email/IM: jesse.thompson at doit.wisc.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/operators/attachments/20080304/64fdf135/attachment.bin 


More information about the Operators mailing list