XMPP Server Certificates
This page provides an example of an OpenSSL configuration file that appears to generate Certificate Signing Requests (CSRs) and self-signed certificates that conform to the format defined in RFC 6120 (note: you need OpenSSL 0.9.8 or newer). If you find errors on this page, please fix them! Naturally you can create a certificate at the XMPP ICA and ask the ICA to create the CSR for you, so this step is not strictly necessary (other CAs may offer a similar service).

    oid_section = new_oids

    [ new_oids ]
    # RFC 6120 section 13.7.1.4 defines this OID
    xmppAddr = 1.3.6.1.5.5.7.8.5

    [ req ]
    # RSA keys shorter than 2048 bits are no longer considered secure
    default_bits = 2048
    default_keyfile = dotat.key
    distinguished_name = distinguished_name
    req_extensions = v3_extensions
    x509_extensions = v3_extensions
    # don't ask about the DN
    prompt = no

    [ distinguished_name ]
    countryName = GB
    stateOrProvinceName = England
    localityName = Cambridge
    organizationName = dotat labs
    commonName = dotat.at

    [ v3_extensions ]
    # for certificate requests (req_extensions)
    # and self-signed certificates (x509_extensions)
    basicConstraints = CA:FALSE
    keyUsage = digitalSignature,keyEncipherment
    subjectAltName = @subject_alternative_name

    [ subject_alternative_name ]
    DNS.0 = dotat.at
    otherName.0 = xmppAddr;UTF8:dotat.at

Append the following for a server which handles multiple domain names:

    DNS.1 = example.org
    otherName.1 = xmppAddr;UTF8:example.org

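
What the [ subject_alternative_name ] entries above encode to, as an added example that is not part of the original page: Python code (standard library only) that builds the DER SubjectAltName value with a dNSName and an xmppAddr otherName per domain, then parses it back. The function names are illustrative assumptions, and the byte layout follows the RFC 5280 GeneralName structure with the OID from the config, not output captured from OpenSSL.

```python
# DER content bytes of OID 1.3.6.1.5.5.7.8.5 (xmppAddr in the page's config)
XMPP_ADDR_OID = bytes.fromhex("2b06010505070805")

def tlv(tag, content):
    """Encode one DER tag-length-value (short or long length form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def encode_san(domains):
    """SubjectAltName value with a dNSName and an xmppAddr per domain."""
    out = b""
    for d in domains:
        out += tlv(0x82, d.encode("ascii"))            # dNSName [2] IA5String
        other = tlv(0x06, XMPP_ADDR_OID) + tlv(0xA0, tlv(0x0C, d.encode("utf-8")))
        out += tlv(0xA0, other)                        # otherName [0]
    return tlv(0x30, out)                              # SEQUENCE OF GeneralName

def decode_san(der):
    """Return the dNSName and xmppAddr strings found in a SubjectAltName value."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single GeneralNames SEQUENCE")
    names, pos = {"dns": [], "xmpp": []}, 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x82:
            names["dns"].append(val.decode("ascii"))
        elif tag == 0xA0:                              # otherName: OID + [0] EXPLICIT value
            t1, oid, p = read_tlv(val, 0)
            t2, wrapped, _ = read_tlv(val, p)
            t3, text, _ = read_tlv(wrapped, 0)
            if (t1, oid, t2, t3) == (0x06, XMPP_ADDR_OID, 0xA0, 0x0C):
                names["xmpp"].append(text.decode("utf-8"))
    return names

san = encode_san(["dotat.at", "example.org"])  # the two domains used on this page
print(san.hex(), decode_san(san))
```

Comparing the `dns` and `xmpp` lists shows at a glance whether every served domain carries both name forms.
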
Thanks to Tony Finch for the information.