Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Marvin Gülker
Hi everyone, thank you for your explanations. I'm still fairly new to this so thank you for your patience...! On Tue, 19 Jul 2016 19:25:11 +0100, Dave Cridland wrote: > Yes, in RFC 5280, RFC 6125, and RFC 6120. But they're relatively tough > reading (especially 5280). I'm out for a longer read

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Dave Cridland
On 20 July 2016 at 10:15, Dave Cridland wrote: > > > On 20 July 2016 at 10:07, Simon Josefsson wrote: > >> Sam Whited writes: >> >> > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson >> wrote: >> >> I wonder if people really care about this usage any more -- it does not >> >> scale well (all d

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Dave Cridland
On 20 July 2016 at 10:07, Simon Josefsson wrote: > Sam Whited writes: > > > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson > wrote: > >> I wonder if people really care about this usage any more -- it does not > >> scale well (all domains have to be encoded in the same cert => big > >> certs)

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Simon Josefsson
Sam Whited writes: > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson wrote: >> I wonder if people really care about this usage any more -- it does not >> scale well (all domains have to be encoded in the same cert => big >> certs) and introduces an indirection which often leaves room for >> att

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Dave Cridland
On 20 July 2016 at 08:58, Florian Schmaus wrote: > For the near future, I hope that certificates using only srvNames will > become more common. But if you want to stay super "compatible" with all > sorts of XMPP software out there, then you probably want to put your > XMPP domain in the CN too. W

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-20 Thread Florian Schmaus
On 19.07.2016 18:36, Marvin Gülker wrote: > On Tue, 19 Jul 2016 16:15:40 +0200, > Florian Schmaus wrote: >> Isn't one problem that a cert with CN "example.org" will be valid for >> all services found on example.org (simply speaking), whereas when >> using SRV-ID restricts the cert to a particular

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-19 Thread Dave Cridland
On 19 July 2016 at 17:36, Marvin Gülker wrote: > On Tue, 19 Jul 2016 16:15:40 +0200, > Florian Schmaus wrote: > > Isn't one problem that a cert with CN "example.org" will be valid for > > all services found on example.org (simply speaking), whereas when > > using SRV-ID restricts the cert to a

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-19 Thread Solomon Peachy
On Tue, Jul 19, 2016 at 06:36:01PM +0200, Marvin Gülker wrote: > I have always wondered about which domains should actually be included > into a TLS certificate for use in XMPP services once an SRV record is > in place. Do I need a certificate which covers xmpp.example.com? Or > does one for examp

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-19 Thread Marvin Gülker
On Tue, 19 Jul 2016 16:15:40 +0200, Florian Schmaus wrote: > Isn't one problem that a cert with CN "example.org" will be valid for > all services found on example.org (simply speaking), whereas when > using SRV-ID restricts the cert to a particular service? I have always wondered about which dom

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-19 Thread Florian Schmaus
On 19.07.2016 16:06, Sam Whited wrote: > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson wrote: >> I wonder if people really care about this usage any more -- it does not >> scale well (all domains have to be encoded in the same cert => big >> certs) and introduces an indirection which often leav

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-19 Thread Thomas Camaran
I think the very question is: is it possible to use SRV and a Let's Encrypt certificate? And if yes, how with Prosody? 2016-07-19 16:06 GMT+02:00 Sam Whited : > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson > wrote: > > I wonder if people really care about this usage any more -- it does not > >

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-19 Thread Sam Whited
On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson wrote: > I wonder if people really care about this usage any more -- it does not > scale well (all domains have to be encoded in the same cert => big > certs) and introduces an indirection which often leaves room for > attackers I don't understand

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-19 Thread Simon Josefsson
Martin Vietz writes: > Hi Tomasz, > > On 10.07.2016 23:30, Tomasz Sterna wrote: >> I am already using letsencrypt for https, but I wasn't sure it would >> work with XMPP. > > You can also secure all other services using ssl/tls with x509, e.g. > SMTP, IMAP, FTP over SSL, Mumble Let's Encrypt doe

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-10 Thread Martin Vietz
Hi Tomasz, On 10.07.2016 23:30, Tomasz Sterna wrote: > I am already using letsencrypt for https, but I wasn't sure it would > work with XMPP. You can also secure all other services using ssl/tls with x509, e.g. SMTP, IMAP, FTP over SSL, Mumble Best Regards Martin

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-10 Thread Tomasz Sterna
On 10.07.2016, Sun at 22:49 +0200, Martin Vietz wrote: > I strongly recommend you https://letsencrypt.org/ I am already using letsencrypt for https, but I wasn't sure it would work with XMPP. But actually it works like a charm. Thank you all for suggesting it. :) I j

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-10 Thread Martin Vietz
Hi Tomasz, On 10.07.2016 21:45, Tomasz Sterna wrote: > Which certificate provider giving free or reasonably priced > certificates that work with XMPP would you recommend? > > Which do you use and could recommend? I strongly recommend you https://letsencrypt.org/ It’s free, automated, and open.

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-10 Thread Daniel Fischaleck
From: Tomasz Sterna Date: 10.07.2016 21:45 (GMT+01:00) To: XMPP Operators Group Subject: [Operators] Obtaining XMPP-enabled certificate for server Hi. Which certificate provider giving free or reasonably priced certificates that work with XMPP would you recommend? I was using StartSSL

Re: [Operators] Obtaining XMPP-enabled certificate for server

2016-07-10 Thread Holger Weiß
* Tomasz Sterna [2016-07-10 21:45]: > Which certificate provider giving free or reasonably priced > certificates that work with XMPP would you recommend? Let's Encrypt? Holger

[Operators] Obtaining XMPP-enabled certificate for server

2016-07-10 Thread Tomasz Sterna
Hi. Which certificate provider giving free or reasonably priced certificates that work with XMPP would you recommend? I was using StartSSL certificates, but they just refused to renew my certs and want me to "upgrade" for US$ 119.80 first. I don't find this _reasonably_ priced cert for a free to