Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve documentation and possibly implementation on system's TLS certificates #29

Open
kheops2713 opened this issue May 23, 2015 · 0 comments
Open

Improve documentation and possibly implementation on system's TLS certificates #29

kheops2713 opened this issue May 23, 2015 · 0 comments
Labels
enhancement

Comments

@kheops2713
Copy link
Contributor

Depending on the application used, the way to properly serve the right TLS certificate may vary.

For instance, some applications require the certificate file to only contain the server certificate while for others it is better to have the certificate chain up to the root CA.

In addition, for the XMPP server, the common name (or one SubjectAltName entry) must be the served domain rather than the hostname the server is running on.

So we should probably:

  • create a file that has a concatenation of server + root CA cert
  • document the use of SubjectAltName to make the cert valid for both host name, domain name and possibly IP address
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kheops2713