My Openfire server (xmpp.domainname=weather.im) (pre 4.0 release) allowed the SSL certificate import of a StartCom signed cert with the following attributes:
Subject: C=US, CN=xmpp.weather.im/emailAddressemail@example.com
X509v3 Subject Alternative Name:
DNS:xmpp.weather.im, DNS:weather.im, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>
This certificate is no longer imported with Openfire 4.0 as the admin console complains that the cert's Common Name does not match my xmpp.domainname.
Openfire should be more forgiving and allow for certs to be imported that have a matching SAN to the xmpp.domainname as well.