Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1100

SSL Certificate import should be more forgiving

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 4.0.0, 4.0.1
    • Fix Version/s: 4.1.0
    • Component/s: Core
    • Labels:
      None

      Description

      My Openfire server (xmpp.domainname=weather.im) (pre 4.0 release) allowed the SSL certificate import of a StartCom signed cert with the following attributes:

      Subject: C=US, CN=xmpp.weather.im/emailAddress=hostmaster@weather.im
      X509v3 Subject Alternative Name:
      DNS:xmpp.weather.im, DNS:weather.im, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>

      This certificate is no longer imported with Openfire 4.0 as the admin console complains that the cert's Common Name does not match my xmpp.domainname.

      Openfire should be more forgiving and allow for certs to be imported that have a matching SAN to the xmpp.domainname as well.

        Attachments

          Activity

            People

            • Assignee:
              guus Guus der Kinderen
              Reporter:
              akrherz Daryl Herzmann
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: