I have a Jabber environment with the following properties:
- There is an MS AD forest with a single domain “DN=domain, DN=local”.
- There is an MS CA.
- The XMPP domain name is “domain.local”.
- There are two Openfire servers in a cluster with the following FQDNs: “server1.domain.local” and “server2.domain.local”.
- There is balancing based on SRV records in the DNS zone.
I see the following abnormal situation.
The SSL certification subsystem of Openfire requires (why?) that the certificate has a DN with “CN=xmpp_domain_name”, not “CN=host_FQDN”, but clients (browsers for the admin console, Gajim for messaging) require “CN=host_FQDN” (obviously, this is normal).
I partially solved this problem by using certificates that have a DN with “CN=host_FQDN, CN=xmpp_domain_name”. In this case the Openfire servers, browsers, and Gajim work fine with SSL.
But Spark says (with the option to ignore an incorrect SSL certificate name turned off): “Hostname verification of certificate failed”.
It seems that the developers of Openfire and Spark assume that xmpp_domain_name MUST equal host_FQDN.
I have one question: when will the developers resolve this abnormal situation?
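
Added illustration, not part of the original post and not code from Openfire, Spark or Gajim: a small model of how different name-matching policies treat the two-CN certificate described above, next to a certificate that carries both names as subjectAltName dNSName entries. The policy names and both sample certificates are constructed assumptions; the post does not say which policy any of the products follows.

```python
# Added illustration. The policies are hypothetical models of verifier behaviour,
# not Openfire, Spark or Gajim code. Certificates below are constructed samples.
# Exact, case-insensitive matching only; wildcards are out of scope.

XMPP_DOMAIN = "domain.local"
HOST_FQDN = "server1.domain.local"

TWO_CN_CERT = {"subject": "CN=server1.domain.local, CN=domain.local", "san_dns": []}
SAN_CERT = {"subject": "CN=domain.local",
            "san_dns": ["domain.local", "server1.domain.local"]}

def subject_cns(subject):
    """Return the CN values of a 'CN=a, CN=b' style DN, in written order."""
    cns = []
    for rdn in subject.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "CN":
            cns.append(value.strip().lower())
    return cns

def candidate_names(cert, policy):
    """Names a verifier following `policy` is willing to compare against."""
    cns = subject_cns(cert["subject"])
    san = [name.lower() for name in cert.get("san_dns", [])]
    if policy == "first_cn":
        return cns[:1]
    if policy == "last_cn":
        return cns[-1:]
    if policy == "any_cn":
        return cns
    if policy == "san_then_cn":
        # RFC 6125 style: subjectAltName dNSName entries win; CN is only a fallback
        return san if san else cns
    raise ValueError(f"unknown policy: {policy}")

def verify(cert, reference, policy):
    return reference.lower() in candidate_names(cert, policy)

def accepted_by(cert, reference):
    """List the policies under which `cert` is valid for `reference`."""
    policies = ("first_cn", "last_cn", "any_cn", "san_then_cn")
    return [p for p in policies if verify(cert, reference, p)]

if __name__ == "__main__":
    for label, cert in (("two-CN", TWO_CN_CERT), ("SAN", SAN_CERT)):
        for ref in (HOST_FQDN, XMPP_DOMAIN):
            print(f"{label:7} {ref:22} -> {accepted_by(cert, ref)}")
```

In this model the two-CN certificate passes or fails depending on which CN a verifier picks, while the SAN certificate is accepted for both names by a SAN-aware verifier but only for its single CN by verifiers that ignore subjectAltName.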