[Operators] server certs for XMPP and SIP

Peter Viskup skupko.sk at gmail.com
Sat Jan 28 12:20:17 UTC 2012


On 01/27/2012 11:59 PM, Daniel Pocock wrote:
> It found the DNSName entries but ignored everything else
>
> Could you also comment on what I should use for `commonName' when I'm
> using subjectAltName?  Should commonName just repeat one of the other
> names?  Should it be the hostname where the cert is installed (e.g.
> bighost.example.com) or is there some other recommendation, or it just
> doesn't matter?
It doesn't matter.
> [ subject_alternative_name ]
>
> DNS.0                             = example1.com
> otherName.0                       =
> SRVName;IA5STRING:_xmpp-server.example1.com
Have a look on this discussion, it could help you:
http://mail.jabber.org/pipermail/standards/2008-June/018978.html

I just found this:
http://tools.ietf.org/html/draft-ietf-xmpp-dna-01
the TLS feature "Server Name Indication" will solve all the described 
issues with certificate requests.
How far is that draft in the process of standardization at IETF and is 
there any XMPP server supporting this? OpenSSL version 0.9.8j and higher 
is supporting this and it was released on 7-th of January 2009...

Best regards,
--
Peter Viskup

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20120128/582502cb/attachment.htm>


More information about the Operators mailing list