[ejabberd] More virt host woes.
jesse.thompson at doit.wisc.edu
Fri Feb 8 07:04:47 MSK 2008
Brian Cully wrote:
>> * Certificate management. The XMPP specification requires that the
>> match the domain, not the server. This makes it very difficult for
>> hosting providers.
> I haven't tried this yet. I was worried from reading the code that
> this could be a problem. If you have any solutions that could save me
> time when I finally get there, I would appreciate it.
I don't think that this is a problem with ejabberd. The problem is that
you will need to get a certificate specific for each domain, otherwise
the jabber clients will display certificate-host mismatch errors. You
could generate self-signed certificates, but clients will bitch about
those too. The XMPP ICA will sign your certificates for free, but I
don't need to tell you how much of a hassle it will be to request/renew
8,000 individual certificates. FWIW, Google appears to use just 2
certificates: gmail.com for gmail users, and talk.google.com for the
google apps users. But they distribute their own client that
conveniently ignores the fact that the certificate doesn't match the domain.
More information about the ejabberd