[ejabberd] eJabberd Certificates Confusion

Steven Livingstone steven at livz.org
Fri Feb 26 00:48:54 MSK 2016


Thanks Peter for replying to quickly :-) This makes sense and will
explain my debugging in the last 15 minutes or so.

Is this generally how would do it for adding hosts - if you needed to
add hosts on a more dynamic basis you'd need to regenerate the cert
with the new SANs  (or use wildcards)? I don't need this at the moment
but may be useful info for the future.

thanks,
steven

On Thu, Feb 25, 2016 at 9:40 PM, Peter Schwindt <peter at schwindt-net.de> wrote:
> Hi Steven,
>
> On 25 Feb 2016, at 22:06, Steven Livingstone wrote:
>
> […]
>>
>> In my case I want to have an XMPP server at xmpp.domain.com but that
>> would have multiple hosts so users can register at user at example.com,
>> user at example.co.uk and so on. As far as I know, to properly do this I
>> need a certificate for the server (xmpp.domain.com) as well as one for
>> each host (example.com, example.co.uk and so on). This way you can
>> trust the server you are accessing as well as know it is a trusted
>> server for the hosts with associated certificates. Please correct me
>> if an of the above is NOT true and my understanding is wrong.
>
>
> That’s true. Simply get a cert for xmpp.domain.com and add a bunch of SAN
> (subjectAltName) entries for each other hostname/domain you want to serve.
> It’s all in one file then.
>
> Best,
> Peter
> _______________________________________________
> ejabberd mailing list
> ejabberd at jabber.ru
> http://lists.jabber.ru/mailman/listinfo/ejabberd


More information about the ejabberd mailing list