Allow wildcards in self-signed cert generation

Description

When Openfire generates a self-signed certificate, it attempts to include all server identities as subject alternative name (SAN) entries. This can lead to a self-signed certificate that has many SANs.

Most SANs that are added in this way are direct subdomains of the XMPP domain (eg: pubsub.example.org / example.org).

Multiple SAN entries on the same domain level should be replaced by a wildcard. This would reduce the number of entries (making it cheaper to get a corresponding CSR to be signed by some CAs), while at the same time also be more future-proof: if at one time after certificate generation, a new component is added to the server, its name would likely be automatically covered by the wildcard.

Usage of a wildcard should be configurable (using the cert.wildcard property).

Environment

None
Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen