When generating security certificates, we now add the XMPP domain name as the subject. An Openfire service is identified by more values though, including:
it's component names (such as conference.<xmppdomain>)
it's fully qualified domain name (where the HTTP endpoints are exposed on)
These names should be added to the generated certificates in a "subject altnative name" extension, using dnsName records where appropriate.