[ejabberd] More virt host woes.

Jesse Thompson jesse.thompson at doit.wisc.edu
Fri Feb 8 07:04:47 MSK 2008


Brian Cully wrote:
>> * Certificate management.  The XMPP specification requires that the cert
>> match the domain, not the server.  This makes it very difficult for
>> hosting providers.
> 
> 	I haven't tried this yet. I was worried from reading the code that  
> this could be a problem. If you have any solutions that could save me  
> time when I finally get there, I would appreciate it.

I don't think that this is a problem with ejabberd.  The problem is that 
you will need to get a certificate specific for each domain, otherwise 
the jabber clients will display certificate-host mismatch errors.  You 
could generate self-signed certificates, but clients will bitch about 
those too.  The XMPP ICA will sign your certificates for free, but I 
don't need to tell you how much of a hassle it will be to request/renew 
8,000 individual certificates.  FWIW, Google appears to use just 2 
certificates: gmail.com for gmail users, and talk.google.com for the 
google apps users.  But they distribute their own client that 
conveniently ignores the fact that the certificate doesn't match the domain.
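
Added example, not part of the original message or of ejabberd: a small audit that lists which hosted XMPP domains a certificate's dNSName entries cover, since the client checks the JID domain rather than the server's host name. The domain names and certificate name list are constructed sample data, and the wildcard rule is the conservative one (a wildcard stands for exactly one left-most label).

```python
# Added example: which hosted XMPP domains does a certificate actually cover?
# All names below are constructed sample data, not taken from the thread.

def _labels(name):
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, domain):
    """Match one certificate dNSName against an XMPP (JID) domain.

    A wildcard is honoured only as the complete left-most label and
    stands for exactly one label.
    """
    p, d = _labels(pattern), _labels(domain)
    if len(p) != len(d):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.example" never matches.
        return len(p) >= 3 and p[1:] == d[1:]
    return p == d

def audit(hosted_domains, cert_dns_names):
    """Return {domain: first matching certificate name, or None}."""
    return {
        domain: next((n for n in cert_dns_names if name_matches(n, domain)), None)
        for domain in hosted_domains
    }

def mismatched(hosted_domains, cert_dns_names):
    """Domains whose users would see a certificate/host mismatch."""
    report = audit(hosted_domains, cert_dns_names)
    return sorted(d for d, hit in report.items() if hit is None)

# Constructed scenario: one certificate issued for the provider's own names,
# presented for every virtual host on the server.
CERT_NAMES = ["xmpp.hosting.example", "*.hosting.example"]
HOSTED = ["chat.hosting.example", "customer-a.example", "customer-b.example"]

if __name__ == "__main__":
    for domain, hit in audit(HOSTED, CERT_NAMES).items():
        print(f"{domain:24} {'ok via ' + hit if hit else 'MISMATCH'}")
```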

