Difference between revisions of "XMPP Server Certificates"
Neustradamus (talk | contribs) m |
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
This page provides an example of an OpenSSL configuration file that appears to generate Certificate Signing Requests (CSRs) and self-signed certificates that conform to the format defined in RFC | This page provides an example of an OpenSSL configuration file that appears to generate Certificate Signing Requests (CSRs) and self-signed certificates that conform to the format defined in RFC 6120 (note: you need OpenSSL 0.9.8 or newer). If you find errors on this page, please fix them! Naturally you can create a certificate at the [http://xmpp.net/ XMPP ICA] and ask the ICA to create the CSR for you, so this step is not strictly necessary (other CAs may offer a similar service). | ||
<pre> | <pre> | ||
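Review bot: The new closing sentence, "ask the ICA to create the CSR for you", should say what that means for the private key. A CSR is signed with the private key of the key pair it covers, so whoever creates the CSR also generates and holds that key. Suggest adding that operators who want the key to stay on their own server should generate the CSR locally with this configuration and submit only the CSR. The link to the ICA is also written with http://; use https:// if the site serves it.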
Line 6: | Line 6: | ||
[ new_oids ] | [ new_oids ] | ||
# RFC | # RFC 6120 section 13.7.1.4 defines this OID | ||
xmppAddr = 1.3.6.1.5.5.7.8.5 | xmppAddr = 1.3.6.1.5.5.7.8.5 | ||
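Review bot: The updated comment above xmppAddr cites the RFC 6120 section but not the identifier's name. Suggest adding the name the RFC uses, id-on-xmppAddr, to the comment so readers can search for it and check 1.3.6.1.5.5.7.8.5 against the specification.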
Line 36: | Line 36: | ||
basicConstraints = CA:FALSE | basicConstraints = CA:FALSE | ||
keyUsage = digitalSignature,keyEncipherment | |||
subjectAltName = @subject_alternative_name | subjectAltName = @subject_alternative_name | ||
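Review bot: The added line "keyUsage = digitalSignature,keyEncipherment" has no comment explaining the choice of bits and is not marked critical. keyEncipherment only matters for RSA key-exchange cipher suites, while digitalSignature is the bit used with (EC)DHE suites; a one-line comment saying so would help readers who generate non-RSA keys. RFC 5280 recommends that keyUsage be marked critical when present, so consider "keyUsage = critical,digitalSignature,keyEncipherment".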
Line 46: | Line 46: | ||
Append the following for a server which handles multiple domain names: | Append the following for a server which handles multiple domain names: | ||
<pre> | <pre> | ||
DNS.1 = | DNS.1 = domain.tld | ||
otherName.1 = xmppAddr;UTF8: | otherName.1 = xmppAddr;UTF8:domain.tld | ||
</pre> | </pre> | ||
Thanks to Tony Finch for the information. | Thanks to Tony Finch for the information. |
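Review bot: The text introduces this block as being for a server that handles multiple domain names, but the filled-in example shows only one name, domain.tld, under index 1 in "DNS.1" and "otherName.1". Suggest stating that each additional domain needs its own DNS.n and otherName.n pair, with an index not already used in the subject_alternative_name section, and showing a second domain so the numbering pattern is visible.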