Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1603

Generation of self-signed certs doesn't include SANs

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.0
    • Component/s: TLS
    • Labels:
      None

      Description

      Openfire allows an administrator to replace certificates in the identity store with a new keypair and certificate that is self-signed.

      The self-signed certificate should have subject alternative names for all XMPP identities of the server (typically including conference.example.org and pubsub.example.org, but does not.

      This issue is most notable when clicking on the first 'here' in the link on the TLS admin console page that reads:

      A certificate for the domain of this server is missing. Click here to generate a self-signed certificate or here to import a signed certificate and its private key.

      You'd expect that message to go away after clicking on that link, but it does not.

        Attachments

          Activity

            People

            Assignee:
            guus Guus der Kinderen
            Reporter:
            guus Guus der Kinderen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: