When generating a security certificate, Openfire adds, amongst others, a xmppAddr entryin into the subject-alternative name extension.

There's a bug in this code, which leads to invalid certificates: openssl cannot parse the resulting certificates, for example.