[ejabberd] different SSL certs for different virtual domains

Jesse Thompson jesse.thompson at doit.wisc.edu
Mon Feb 4 16:47:19 MSK 2008


You can't use individual domain certificates with SSL connections (port
5223 and web) because the certificate is used to encrypt the connection
before the client can tell the server which domain it's trying to
connect to.

But it will work with port 5222 (TLS+SASL) since the initial connection
is made in plain text and the client is able to tell the server which
domain it's trying to connect to prior to the connection being encrypted.

Jesse

kaan kaan wrote:
> Hi all,
> 
> How must I configure it when I have two virtual hosts and different SSL certs?
> My config looks like:
> 
> % Listened ports:
> {listen, [
>           {5222, ejabberd_c2s,     [{access, c2s},
>                                     {max_stanza_size, 65536},
>                                     {shaper, c2s_shaper}]},
>           %% Use this line to enable SSL:
>           {5223, ejabberd_c2s,     [{access, c2s},
>                                     {max_stanza_size, 65536},
>                                     % tls, {certfile, "/etc/ejabberd/server.pem"}
>                                     {domain_certfile, "chat.******.***", "/etc/ejabberd/server.pem"},
>                                     {domain_certfile, "*********.com", "/etc/ejabberd/server2.pem"}
>                                    ]},
>           %% Remove this line if you want to prevent s2s connections:
>           {5269, ejabberd_s2s_in,  [{shaper, s2s_shaper}, {max_stanza_size, 131072}]},
> 
>           %% remove http_poll to remove support for http polling
>           %% remove web_admin to disable admin interface:
>           {5281, ejabberd_http,    [http_poll, web_admin,
>                                     % tls, {certfile, "/etc/ejabberd/server.pem"}
>                                     {domain_certfile, "chat.******.***", "/etc/ejabberd/server.pem"},
>                                     {domain_certfile, "*********.com", "/etc/ejabberd/server2.pem"}
>                                    ]}
>          ]}.
> 
> 
> And I get this error message:
> 
> =INFO REPORT==== 3-Feb-2008::13:27:29 ===
> D(:ejabberd_receiver:297) : Received XML on stream = [byte list omitted]
> 
> =INFO REPORT==== 3-Feb-2008::13:27:29 ===
> D(:ejabberd_c2s:1330) : Send XML on stream = ""
> 
> 
> Best regards
> kany
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd

-- 
  Jesse Thompson
  Email/IM: jesse.thompson at doit.wisc.edu
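
The difference described in the reply above, as an added sketch that is not part of the original thread and is not ejabberd code: it looks at the first bytes a listener receives and shows when a per-domain certificate can be chosen. The domain names, `DEFAULT_CERT`, and the function names are assumptions made for illustration, and the model assumes the SSL/TLS handshake carries no host name, as in the post.

```python
import re

# Constructed stand-ins for the masked domain_certfile entries in the quoted config.
DOMAIN_CERTS = {
    "chat.example.org": "/etc/ejabberd/server.pem",
    "example.com": "/etc/ejabberd/server2.pem",
}
DEFAULT_CERT = "/etc/ejabberd/server.pem"  # assumed listener-wide certfile

# 'to' attribute of the opening <stream:stream> tag (either quote style).
_STREAM_TO = re.compile(rb"<stream:stream\b[^>]*?\sto\s*=\s*(['\"])(.*?)\1", re.S)

# Constructed first bytes of two connections (not taken from the thread).
STARTTLS_OPEN = (b"<?xml version='1.0'?><stream:stream to='example.com' "
                 b"xmlns='jabber:client' version='1.0' "
                 b"xmlns:stream='http://etherx.jabber.org/streams'>")
LEGACY_SSL_OPEN = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])


def classify_first_bytes(data: bytes) -> str:
    """Say what kind of traffic opens the connection."""
    if data.lstrip().startswith(b"<"):
        return "xmpp-stream"         # plain-text XML, as on port 5222
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"       # TLS record: handshake, version 3.x
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"  # SSLv2-framed ClientHello
    return "unknown"


def choose_cert(data: bytes):
    """Return (kind, domain, certfile) for the opening bytes of a connection."""
    kind = classify_first_bytes(data)
    if kind == "xmpp-stream":
        m = _STREAM_TO.search(data)
        domain = m.group(2).decode("ascii", "replace").lower() if m else None
        # Domain is known before STARTTLS, so a per-domain certificate is possible.
        return kind, domain, DOMAIN_CERTS.get(domain, DEFAULT_CERT)
    # The handshake arrives first and (by assumption) names no domain,
    # so only the listener-wide certificate can be presented.
    return kind, None, DEFAULT_CERT


if __name__ == "__main__":
    for sample in (STARTTLS_OPEN, LEGACY_SSL_OPEN):
        print(choose_cert(sample))
```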