[Operators] Obtaining XMPP-enabled certificate for server
dave at cridland.net
Wed Jul 20 08:22:08 UTC 2016
On 20 July 2016 at 08:58, Florian Schmaus <flo at geekplace.eu> wrote:
> For the near future, I hope that certificates using only srvNames will
> become more common. But if you want to stay super "compatible" with all
> sorts of XMPP software out there, then you probably want to put your
> XMPP domain in the CN too. Which comes with the drawback that the cert
> can be used for all services under that domain.
Only for legacy apps.
If a SAN exists, CNs should be ignored.
If a service-specific SAN exists, non-service-specific SANs should be
ignored, though that's even rarer.
Maybe we should have another interop day to figure out how observed these
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Operators