Certificate and server's name with SRV DNS record - User's domain confusion


openfire 3.6, openldap auth, on centos 5.2 x86_64

I have a working setup but I have a problem in understanding how to name my certificate:



certificate view in the admin console:

*.talk.example.com (talk.example.com_dsa)
Aug 8, 2013
Self-signed certificates should be signed by a Certificate Authority to be trusted and accepted by clients and other servers.
Self signed

talk.example.com (importkey)
Aug 29, 2010
The certificate is not yet signed by a Certificate Authority. A signing request should be sent to the Certificate Authority so that it can be signed by the CA. The CA will return a new certificate once it has been approved and signed. The returned certificate will need to be imported into the server.
Pending Verification

I don’t know why I have two certs here. It was quite a struggle to import the cert into the keystore, by the way. Should I remove one of them?

DNS SRV Record (bind9):

_xmpp-server._tcp.example.com. 86400 IN SRV 10 0 5269 talk.example.com.
_xmpp-client._tcp.example.com. 86400 IN SRV 10 0 5222 talk.example.com.

Client (adium on mac osx but it should not really matter) configuration:

username: user@example.com

As I am using DNS SRV records I don’t need to specify a server name (right?). I need strict cert checking to be enabled.

And here is my problem: when I connect, the client says:

“This certificate is not valid (host name mismatch)”.

As I don’t want to tell my users to ignore such a message, how should I rename my server or my cert to bypass this problem?

I’ve tried to rename the server to just example.com but then I cannot log in to the admin console.

Also, is it normal that connected users appear as user@talk.example.com instead of user@example.com?

And when I try a file transfer, the transfer is directed to user@talk.example.com instead of user@example.com. I think my openfire is messing with the user name’s domain: I can log in with user@example but for openfire it is user@talk.example and everything breaks after this.

Thanks a lot for any help.

I don’t know if it’s related, but in my log I see this:

[org.jivesoftware.openfire.handler.IQvCardHandler.handleIQ(IQvCardHandler.java:92)]
java.lang.UnsupportedOperationException: VCard provider is read-only.
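One way to see why the client reports a host name mismatch, as an added example that is not part of the original post: per RFC 6120 an XMPP client validates the certificate against the domain part of the JID (example.com), not against the host the SRV record points to, so a certificate issued for talk.example.com or *.talk.example.com never matches. The SRV lines and certificate names are copied from the post above; `parse_srv`, `name_matches` and `diagnose` are names chosen for this example, and the wildcard rule follows RFC 6125 (a leading `*` stands for exactly one label).

```python
# Constructed input: the two SRV lines from the post, embedded so nothing is looked up in DNS.
SRV_ZONE = """\
_xmpp-server._tcp.example.com. 86400 IN SRV 10 0 5269 talk.example.com.
_xmpp-client._tcp.example.com. 86400 IN SRV 10 0 5222 talk.example.com.
"""

# Names carried by the two certificates shown in the admin console.
CURRENT_CERT_NAMES = ["*.talk.example.com", "talk.example.com"]


def parse_srv(zone_text):
    """Parse bind-style SRV lines into {owner: (priority, weight, port, target)}."""
    records = {}
    for line in zone_text.strip().splitlines():
        # owner ttl class type priority weight port target
        owner, _ttl, _cls, _type, prio, weight, port, target = line.split()
        records[owner.rstrip(".")] = (int(prio), int(weight), int(port), target.rstrip("."))
    return records


def name_matches(cert_name, reference):
    """RFC 6125 style comparison: exact match, or a leading '*' matching exactly one label."""
    cert_name, reference = cert_name.lower(), reference.lower()
    if cert_name.startswith("*."):
        c_labels, r_labels = cert_name.split("."), reference.split(".")
        return len(c_labels) == len(r_labels) and c_labels[1:] == r_labels[1:]
    return cert_name == reference


def diagnose(jid, zone_text, cert_names):
    """Check the cert names against the JID domain (what the client verifies, per RFC 6120)
    and against the SRV target (what the certs in the post were issued for)."""
    domain = jid.split("@", 1)[1]
    target = parse_srv(zone_text)["_xmpp-client._tcp." + domain][3]
    return {
        "jid_domain": domain,
        "srv_target": target,
        "matches_jid_domain": any(name_matches(n, domain) for n in cert_names),
        "matches_srv_target": any(name_matches(n, target) for n in cert_names),
    }


if __name__ == "__main__":
    # The post's setup: matches the SRV target but not the JID domain -> "host name mismatch".
    print(diagnose("user@example.com", SRV_ZONE, CURRENT_CERT_NAMES))
    # A certificate issued for the JID domain is what the client actually accepts.
    print(diagnose("user@example.com", SRV_ZONE, ["example.com"]))
```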