Difference between revisions of "Securing XMPP"

Jump to navigation Jump to search
23 bytes added ,  01:36, 11 September 2013
no edit summary
Line 15: Line 15:
Although many IM clients can be configured to force encrypted connections for the c2s hop, XMPP does not encrypt connections by default (this is like using telnet instead of ssh to administer remote machines). Also, if you are communicating with someone at another server, there is no way to know if the s2s hop has been encrypted.
Although many IM clients can be configured to force encrypted connections for the c2s hop, XMPP does not encrypt connections by default (this is like using telnet instead of ssh to administer remote machines). Also, if you are communicating with someone at another server, there is no way to know if the s2s hop has been encrypted.


This page will show you how to enable encryption for your user's "c2s" connections and also to encrypt and identify "s2s" connections to remote domains.
This page will show you how to enable encryption for your user's c2s connections and also to encrypt and authenticate s2s connections to remote domains.


===Get a server certificate===
===Get a server certificate===


we will use example.com for this example
we will use example.com for this example
* order a certificate for example.com (not servername.example.com) from your CA. StartCom offers free certificates.
* order a certificate for example.com (not servername.example.com) from your CA. [http://startssl.com/ StartSSL] offers free certificates.


===Configure your DNS===
===Configure your DNS===
106

edits

Navigation menu