Generation of self-signed certs doesn't include SANs

Description

Openfire allows an administrator to replace certificates in the identity store with a new keypair and certificate that is self-signed.

The self-signed certificate should have subject alternative names for all XMPP identities of the server (typically including conference.example.org and pubsub.example.org, but does not.

This issue is most notable when clicking on the first 'here' in the link on the TLS admin console page that reads:

A certificate for the domain of this server is missing. Click here to generate a self-signed certificate or here to import a signed certificate and its private key.

You'd expect that message to go away after clicking on that link, but it does not.

Environment

None

Activity

Fixed

Details

Assignee

Reporter

Components

Fix versions

Priority

Created September 17, 2018 at 1:24 PM
Updated October 3, 2018 at 1:00 PM
Resolved October 3, 2018 at 1:00 PM