[Operators] server certs for XMPP and SIP

Daniel Pocock daniel at pocock.com.au
Fri Jan 27 22:11:34 UTC 2012




I've got two questions:

- what are the specifications for a subjectAltName (SAN) cert that can
be used for both Jabber and SIP?

- which CAs have been reliable in providing such certs?


Background info that I found:

- I understand the certs used to differ (SIP used the dNSName record
type, while Jabber used otherName xmppAddr)

- since the revised RFC 6120, Jabber now supports dNSName, same as SIP

http://tools.ietf.org/html/rfc6120
http://tools.ietf.org/html/rfc6125

- the xmpp.net page found by Google only refers to the StartCom CA:

http://xmpp.org/resources/certificates/

- the wiki page found by Google appears to be concerned with the old
standard:
http://wiki.xmpp.org/web/XMPP_Server_Certificates

- many of the CA web sites just refer to `subjectAltName' or SAN
certificates - they don't advise what type of data (e.g. otherName or
dNSName) they are willing to put in the cert



More information about the Operators mailing list