Cert for XMPP domain should cover MUC component

Description

The certificate that we're using for Openfire does not cover 'conference.igniterealtime.org', which leads to problems when federation is being attempted to the MUC service.

As a workaround, federation can be initiated to the bare igniterealtime.org domain, after which the conference component federation will piggy-back over the existing line.

We should update the certificate to cover all components.

Environment

None

Activity

Show:
Daryl Herzmann
July 2, 2016, 3:00 AM

Just a note that this looks interesting

https://community.letsencrypt.org/t/how-to-use-the-certificate-for-tomcat/3677/39

tomcat 8.5.3 supports openssl certs directly.

Guus der Kinderen
July 4, 2016, 8:35 AM

I'm not terribly familiar with LetsEncrypt. Can't we get certificates that have an expiry date that's further in the future?

wroot
July 4, 2016, 8:52 AM
Edited

https://letsencrypt.org/2015/11/09/why-90-days.html

You can't. They want certificate renewal to be automatic, so they want to make its expire date as short as possible so it would be inconvenient to update them manually they also are planning to make it even shorter.

Daryl Herzmann
November 3, 2016, 8:43 PM

the current cert expires 20 November 2016, we better figure out something fast

Daryl Herzmann
February 16, 2017, 5:04 PM

I got StartSSL cert workflow to work again and it covers conference.igniterealtime.org

Note that hostmaster email dumps to local root account on mail.ignite

Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Priority

Major
Configure