XMPP.org Federation

http://www.xmpp.net has a map of the various servers that have joined the federation. Why isn't Jive on the list?!?!

Anyway, the interesting thing about xmpp.net is the certificate authority service. I wonder if it's possible to get Wildfire to work with the CA more automatically (maybe a page in the admin console to request a certificate or something…)

Anyone else have thoughts on this?

Hi Slushpupie,

We're in the process of adding igniterealtime.org to the map.

Check out the release candidate for Wildfire 3.2. The security certificate process has been improved quite a bit. We tried to balance making it super easy and automated with the need to allow people to use whichever CA they choose.

I'm curious, too, if anyone else has ideas on how to make the certificate process even easier…

Thanks,

Greg

I know one thing that would make it easier for me is to use a more Apache-style method of handling certificates. That is, you have some SSL directories (ssl.crt, ssl.key), and you drop the certificate and key in the directories, then tell Wildfire this is where the certificates are.

I manage a lot of services that use SSL, and almost all of them use a method like this for maintaining the certificates. Java's custom keystore thing feels very cumbersome to me because it is so different from all the other things I manage.

So I guess the idea here is to have more methods, since so many people do it differently. (I know the programmers just love to hear that.)

Here is a list of methods I could see as useful:

  • Apache style (tell wildfire.conf where the X.509 files are located)

  • Filesystem import (web interface imports a file from the local filesystem)

  • Upload import (web interface accepts a POST of the certificate)

  • Input import (web interface with text box to copy and paste in)

  • Certificate Download (be able to download both the certificate and key in X.509/OpenSSL formats)

  • Self-Signed certificate generation (i.e., not using the same cert as every other Wildfire server, but still self-signed)

  • Generate a private key and CSR to give to an SSL provider (import cert later using one of the above methods)

I think that list covers most people's abilities and security paranoias.

Things that should be import/export/deleteable are:

  • Private Key file

  • Certificate file

  • CSR file

  • Certificate Authority certs (My company does not trust the global CAs, we trust the DoD's, for example)

Hi slushpupie,

Thanks for your ideas!

Greg