[jdev] wildcards vs. multiple certs
Peter Saint-Andre
stpeter at stpeter.im
Wed Aug 26 15:50:46 CDT 2009
On 8/26/09 2:39 PM, Justin Karneges wrote:
> On Wednesday 26 August 2009 13:31:13 Peter Saint-Andre wrote:
>> As a result, it is possible that admins might feel the need to request
>> multiple Class 1 certs in order to deploy an XMPP service (if they are
>> not able to obtain a Class 2 certificate). For example, at the
>> jabber.org service we might use one Class 1 certificate for the domain
>> name "jabber.org" and another Class 1 certificate for the domain name
>> "conference.jabber.org". This would require our XMPP server software to
>> present the "jabber.org" certificate when a peer server attempts to open
>> an s2s connection to the jabber.org domain, whereas it would present the
>> "conference.jabber.org" certificate when someone from a peer server
>> attempts to join a chatroom at the conference.jabber.org MUC service. I
>> do not know of any XMPP server software that can present two (or more)
>> different certs for s2s connections depending on the domain name
>> specified by the peer server.
>
> You can put many names into one cert. For a short set of domains, this ought
> to be practical.
True, as long as your CA honors the CSR you provide. So perhaps this is
a non-issue...
Peter
--
Peter Saint-Andre
https://stpeter.im/
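
Added example (not part of the original message, and not code from any XMPP server): a check that the names a CA actually placed in an issued certificate cover every domain the service must answer for, using the two jabber.org names from the thread. It assumes only dNSName entries are considered and that a wildcard matches exactly one left-most label; the function names and sample name lists are constructed for illustration.

```python
# Added example: the name lists below are constructed, not read from a
# real certificate or CSR.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def name_matches(pattern, domain):
    """True if a certificate dNSName (possibly a wildcard) covers `domain`.

    Assumed rule: '*' is valid only as the entire left-most label and
    stands for exactly one label, so '*.jabber.org' covers
    'conference.jabber.org' but not 'jabber.org' or 'a.b.jabber.org'.
    """
    p, d = _labels(pattern), _labels(domain)
    if len(p) != len(d):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.org' never matches.
        return len(p) >= 3 and p[1:] == d[1:]
    return p == d

def uncovered(required, cert_names):
    """Domains in `required` that no name in `cert_names` covers."""
    return [r for r in required
            if not any(name_matches(c, r) for c in cert_names)]

def dropped_by_ca(csr_names, cert_names):
    """Names requested in the CSR that are absent from the issued cert."""
    issued = {".".join(_labels(n)) for n in cert_names}
    return [n for n in csr_names if ".".join(_labels(n)) not in issued]

# Domains the service in the thread has to present a valid cert for.
REQUIRED = ["jabber.org", "conference.jabber.org"]

if __name__ == "__main__":
    cases = {
        "multi-name cert": ["jabber.org", "conference.jabber.org"],
        "wildcard only": ["*.jabber.org"],
        "CA kept one name": ["jabber.org"],
    }
    for label, names in cases.items():
        print(label, "-> uncovered:", uncovered(REQUIRED, names),
              "| dropped by CA:", dropped_by_ca(REQUIRED, names))
```
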