SSL Domain Name Question

Hello!

I have a question about the domain name / alias to put on the SSL cert for Wildfire.

Our JIDs use the “madriverschools.org” domain, but the name of our server is im.madriver.k12.oh.us. What is the client looking for on the SSL cert?

Thanks!

– Matt

Hey Matt,

So your server is located at im.madriver.k12.oh.us and you are using madriverschools.org as the Wildfire server name. That means that you should have a DNS SRV record for madriverschools.org that points to im.madriver.k12.oh.us. Clients and servers that want to connect to your server will perform DNS lookups to resolve madriverschools.org. Once they have found the hostname or IP address to use, they will try to connect to that address.

From the XMPP perspective the server name is madriverschools.org. Therefore, local accounts will have the domain madriverschools.org (as you said). Clients and other servers will only know about the madriverschools.org domain (and only know about im.madriver.k12.oh.us while opening a physical connection).

This means that Wildfire certificates MUST use the madriverschools.org domain. Clients and remote servers will verify certificates and check them against madriverschools.org. In summary, im.madriver.k12.oh.us is only used when opening a physical connection. For the rest of the operations madriverschools.org is the correct domain.

Having said all that, many clients out there are not really validating certificates. Different clients do different validations (e.g. only checking that the certificate is not expired). However, this does not mean that server certificates should be incorrect. Certificates should be authenticated by a CA, have a valid date (i.e. not be expired), have a valid certificate chain, and use the correct server name (e.g. madriverschools.org) in the CN field and also in the subjectAltName field.

Hope that helps.

Regards,

– Gato
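As an added illustration (not code from this thread or from Wildfire), the two steps Gato describes, modelled as a validating client would perform them: the SRV answer picks the physical host to connect to, while the certificate is matched against the XMPP domain. The SRV answer and the two certificates are constructed, and the dict layout follows what Python's `ssl.SSLSocket.getpeercert()` returns.

```python
"""Constructed illustration: SRV resolution selects the connect host; certificate
validation checks the JID domain, never the connect host. Stdlib only, offline."""

# Constructed SRV answer for _xmpp-client._tcp.madriverschools.org:
# (priority, weight, port, target), as a resolver would return it.
SRV_XMPP_CLIENT = [
    (10, 0, 5222, "im.madriver.k12.oh.us."),
]

def pick_srv_target(records):
    """Return (host, port) of the lowest-priority record (RFC 2782 ordering).
    Weighted random choice among equal priorities is simplified to 'highest weight'."""
    if not records:
        return None
    best = sorted(records, key=lambda r: (r[0], -r[1]))[0]
    return best[3].rstrip("."), best[2]

def cert_dns_names(cert):
    """Names a client matches against: subjectAltName dNSName entries, falling
    back to the subject CN only when no SAN dNSName is present."""
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if names:
        return names
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, hostname):
    """Case-insensitive exact match; a leading '*.' matches exactly one label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname

def cert_valid_for_domain(cert, xmpp_domain):
    """True if any certificate name matches the XMPP domain from the JID."""
    return any(name_matches(n, xmpp_domain) for n in cert_dns_names(cert))

# Constructed certificates: the correct one carries the XMPP domain in CN and SAN;
# the wrong one carries only the connect hostname and is rejected.
GOOD_CERT = {
    "subject": ((("commonName", "madriverschools.org"),),),
    "subjectAltName": (("DNS", "madriverschools.org"),),
}
HOST_ONLY_CERT = {
    "subject": ((("commonName", "im.madriver.k12.oh.us"),),),
    "subjectAltName": (("DNS", "im.madriver.k12.oh.us"),),
}

if __name__ == "__main__":
    host, port = pick_srv_target(SRV_XMPP_CLIENT)
    print(f"connect to {host}:{port}")                                    # im.madriver.k12.oh.us:5222
    print(cert_valid_for_domain(GOOD_CERT, "madriverschools.org"))       # True
    print(cert_valid_for_domain(HOST_ONLY_CERT, "madriverschools.org"))  # False
```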

Thanks, that's exactly what I needed to know.

The DNS changes have been made locally (I defined the _xmpp-client, _xmpp-server and _jabber service)… they should go live on the net tonight.

I appreciate the help!

– Matt