[jdev] wildcards vs. multiple certs
Justin Karneges
justin-keyword-jabber.093179 at affinix.com
Wed Aug 26 15:39:10 CDT 2009
On Wednesday 26 August 2009 13:31:13 Peter Saint-Andre wrote:
> As a result, it is possible that admins might feel the need to request
> multiple Class 1 certs in order to deploy an XMPP service (if they are
> not able to obtain a Class 2 certificate). For example, at the
> jabber.org service we might use one Class 1 certificate for the domain
> name "jabber.org" and another Class 1 certificate for the domain name
> "conference.jabber.org". This would require our XMPP server software to
> present the "jabber.org" certificate when a peer server attempts to open
> an s2s connection to the jabber.org domain, whereas it would present the
> "conference.jabber.org" certificate when someone from a peer server
> attempts to join a chatroom at the conference.jabber.org MUC service. I
> do not know of any XMPP server software that can present two (or more)
> different certs for s2s connections depending on the domain name
> specified by the peer server.
You can put many names into one cert. For a short set of domains, this ought
to be practical.
-Justin
More information about the JDev
mailing list