On 01/27/2012 11:59 PM, Daniel Pocock wrote:
It found the DNSName entries but ignored everything else
Could you also comment on what I should use for `commonName' when I'm
using subjectAltName? Should commonName just repeat one of the other
names? Should it be the hostname where the cert is installed (e.g.
bighost.example.com) or is there some other recommendation, or it just
doesn't matter?
It doesn't matter.
[ subject_alternative_name ]
DNS.0 = example1.com
otherName.0 =
SRVName;IA5STRING:_xmpp-server.example1.com
Have a look on this discussion, it could help you:
http://mail.jabber.org/pipermail/standards/2008-June/018978.html
I just found this:
http://tools.ietf.org/html/draft-ietf-xmpp-dna-01
the TLS feature "Server Name Indication" will solve all the described
issues with certificate requests.
How far is that draft in the process of standardization at IETF and is
there any XMPP server supporting this? OpenSSL version 0.9.8j and higher
is supporting this and it was released on 7-th of January 2009...
Best regards,
--
Peter Viskup
