Generation of self-signed certs doesn't include SANs


Openfire allows an administrator to replace certificates in the identity store with a new keypair and certificate that is self-signed.

The self-signed certificate should have subject alternative names for all XMPP identities of the server (typically including and, but does not.

This issue is most notable when clicking on the first 'here' in the link on the TLS admin console page that reads:

A certificate for the domain of this server is missing. Click here to generate a self-signed certificate or here to import a signed certificate and its private key.

You'd expect that message to go away after clicking on that link, but it does not.


Your pinned fields
Click on the next to a field label to start pinning.


Guus der Kinderen


Guus der Kinderen