Yesterday our certificate signed by the XMPP Intermediate Certification Authority was revoked.
Supposedly it was ‘misused’ as an HTTPS certificate in order to secure the ejabberd administration panel as well as web access to several MUCs. StartCom told us that wildcard certificates issued by the XMPP ICA are not meant for (public) HTTPS usage.
This information is contrary to what is published in the Certificate Issuance HOWTO, which is based on the StartCom policy in this regard:
For the domain, provide the DNS hostname of the XMPP server. For example, if your organization is called “example.com” but your XMPP server is hosted at “im.example.com”, type “im” in the first box at the StartCom interface, type “example” in the second box, and select “com” from the dropdown list at the end of the “Domain: xmpp:” line. You can also request a wildcard certificate such as *.example.com (type “*” in the first box, type “example” in the second box, and select “com” from the dropdown list). A wildcard domain enables you to use the same certificate for multiple components (e.g., “groupchat.example.com” as well as “im.example.com”). You can even use a wildcard certificate for a domain such as “www.example.com”. NOTE: if your top-level domain is not available in the dropdown list, please send email to <mailto:email@example.com>.
This morning we applied for new certificates and are awaiting approval. We are sorry for the inconvenience and will update you once the certificates have been exchanged.
Update: The certificates have been exchanged successfully. Have a nice stay!