Based on the SSL guide for Openfire’s connection manager module, I have understood that in order for it to authenticate its XMPP clients at the TLS level, you need to import every client’s certificate into the truststore of the connection manager:
“If you require clients to verify themselves using certificates, obtain their certificates and import them into the truststore file rather than the keystore.”
Is it then really so that client TLS authentication cannot be done just by checking whether the client certificate’s signer’s certificate, i.e. the CA certificate, is in the truststore and validating the client certificate against that? Isn’t that a common way of authenticating the client?