Allow wildcards in self-signed cert generation

Description

When Openfire generates a self-signed certificate, it attempts to include all server identities as subject alternative name (SAN) entries. This can lead to a self-signed certificate that has many SANs.

Most SANs that are added in this way are direct subdomains of the XMPP domain (e.g. pubsub.example.org / example.org).

Multiple SAN entries on the same domain level should be replaced by a wildcard. This would reduce the number of entries (making it cheaper to get a corresponding CSR signed by some CAs), while at the same time also being more future-proof: if, at some time after certificate generation, a new component is added to the server, its name would likely be automatically covered by the wildcard.

Usage of a wildcard should be configurable (using the cert.wildcard property).

Environment

None

Acceptance Test - Entry

None
Fixed

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Priority

Minor