SSL certificate for XMPP vs. admin console

Hi!

I'm not sure if Wildfire uses the same certificates for jabber-to-server communication as well as for encrypting the admin console on port 9091.

Since jabber certificates ought to be set up for the xmpp-domain (example.com), but admin console is reachable at some host address (somehost.example.com) only, I assume that I'd have to use different certificates.

How would one have to implement those in WildFire?

Thanks

Markus

Hey Markus,

mollibesnering wrote:

Hi!

I'm not sure if Wildfire uses the same certificates for jabber-to-server communication as well as for encrypting the admin console on port 9091.

Yes, the embedded Jetty web server shares the same keystore with Wildfire. If you are using an Apache in front of Wildfire's admin console then certificates are not necessarily the same.

Since jabber certificates ought to be set up for the xmpp-domain (example.com), but admin console is reachable at some host address (somehost.example.com) only, I assume that I'd have to use different certificates.

I think that it is up to the browser to decide how to validate certificates presented by the webserver. So if you are using self-signed certificates and they belong to a different domain than the one you are trying to connect with the browser then the browser may ask you to explicitly validate or reject the certificate presented by the webserver.

You can always add more certificates to the keystore. So if you are using the same keystore for Wildfire and your webserver then you can add new certificates for your web domain. Anyway, I really don't know how Java figures out which certificate to present to the other party.

Regards,

– Gato
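The name mismatch discussed in this thread can be checked before a certificate goes into the shared keystore. The following is an added example, not part of either post and not Wildfire code: a simplified dNSName matcher in the style of RFC 6125, run against the two names from the question. The function names and the candidate SAN lists are constructed for illustration.

```python
# Added example: simplified dNSName matching in the style of RFC 6125.
# The candidate SAN lists below are constructed, not taken from a real
# certificate. Only dNSName entries are considered.

def match_dns_name(pattern: str, host: str) -> bool:
    """Match one SAN dNSName entry against a host name, case-insensitively."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Accept a wildcard only as the whole left-most label and only
        # when at least two fixed labels follow it (rejects "*.com").
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(san_dns_names, name) -> bool:
    """True if any dNSName in the certificate matches the given name."""
    return any(match_dns_name(p, name) for p in san_dns_names)


def coverage(san_dns_names, xmpp_domain, console_host) -> dict:
    """Report which of the two endpoints a single certificate satisfies."""
    return {
        "xmpp": cert_covers(san_dns_names, xmpp_domain),
        "console": cert_covers(san_dns_names, console_host),
    }


XMPP_DOMAIN = "example.com"            # name from the question
CONSOLE_HOST = "somehost.example.com"  # name from the question

CANDIDATES = {  # constructed SAN lists
    "domain only": ["example.com"],
    "wildcard only": ["*.example.com"],
    "both names": ["example.com", "somehost.example.com"],
}

if __name__ == "__main__":
    for label, sans in CANDIDATES.items():
        print(f"{label:14} {coverage(sans, XMPP_DOMAIN, CONSOLE_HOST)}")
```

A certificate that lists both names as SAN entries passes both checks, while a wildcard for `*.example.com` covers the console host but not the bare XMPP domain.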