Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1495

Self-signed certificates should include alternative names

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.2.3
    • Component/s: TLS
    • Labels:
      None

      Description

      When generating security certificates, we now add the XMPP domain name as the subject. An Openfire service is identified by more values though, including:

      • it's component names (such as conference.<xmppdomain>)
      • it's fully qualified domain name (where the HTTP endpoints are exposed on)

      These names should be added to the generated certificates in a "subject altnative name" extension, using dnsName records where appropriate.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              guus Guus der Kinderen
              Reporter:
              guus Guus der Kinderen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: