[Psi-Devel] "Remember" option on certificate warning
Damjan
gdamjan at mail.net.mk
Thu Feb 19 14:28:28 PST 2009
> >>You can always request more certs, but then you might need more IP
> >>addresses. We need to work on better ways to support virtual hosts in
> >>TLS-land, at least for XMPP...
> >
> >The great thing about starttls is that you don't need more IP addresses.
> >
> >His issue is that he can't get a .mk cert from StartCom.
>
> It's not as simple as just getting a certificate for each domain. If
> you're a hosting provider, you don't have the authority to request
> certificates for every domain you host.
Actually, what domain name is checked with the certificate?
The SRV record for all my virtual domains can point to one server (one
FQDN, lets say jabber.mainserver.tld).
If the clients check that name to match the certificate .. we solve this
problem.
(maybe this needs to be standardizied in the xmpp protocol so every
client behaves like that)
--
damjan | дамјан
This is my jabber ID --> damjan at bagra.net.mk
-- not my mail address, it's a Jabber ID --^ :)
More information about the Psi-Devel
mailing list