Certificate request fields for XMPP-server

Strange that it is not clarified somewhere…

I’m in doubt, what Subject and what subjectAltNames:DNS must be in CSR if i generate it by hands?

For example, if my configuration is

_xmpp-server._tcp.domain.org IN SRV 5 0 5269 jabber.domain.org.

(domain name != hostname)

So what combination of fileds in CSR will be right?

Variants for Subject:

  1. Subject=emalAddress=somemail@domain.org,CN=domain.org,O=SomeOrg,L=SomeLocality,C=RU

  2. Subject=emalAddress=somemail@domain.org,CN=*.domain.org,O=SomeOrg,L=SomeLocality,C=RU

  3. Subject=emalAddress=somemail@domain.org,CN=jabber.domain.org,O=SomeOrg,L=SomeLocality,C=RU

  4. Subject=CN=*.domain.org,O=SomeOrg,L=SomeLocality,C=RU

Variants for subjectAltNames:DNS

  1. subjectAltNames:DNS:*.domain.org

  2. subjectAltNames:DNS:jabber.domain.org

I think it is very important and must be placed somewhere in documentation, because s2s strongly depends on the resulting signed certificate filelds