Allow otherNames Aliases #197

New Issue

adam · 2025-12-29T01:18:43+01:00

adam commented

2025-12-29 01:18:43 +01:00

Originally created by @kermitDerFrosch on GitHub (Feb 17, 2017).

Use this diff to allow signing of working xmpp s2s certs.

others.diff.txt

Originally created by @kermitDerFrosch on GitHub (Feb 17, 2017). Use this diff to allow signing of working xmpp s2s certs. [others.diff.txt](https://github.com/lukas2511/dehydrated/files/783140/others.diff.txt)

adam closed this issue

2025-12-29 01:18:44 +01:00

adam commented

2025-12-29 01:18:44 +01:00

@lukas2511 commented on GitHub (Jul 10, 2017):

I don't understand, where does this othername: come from? The only thing I found that mentioned this was for arbitrary data which doesn't really make sense for altnames...

@lukas2511 commented on GitHub (Jul 10, 2017): I don't understand, where does this `othername:` come from? The only thing I found that mentioned this was for arbitrary data which doesn't really make sense for altnames...

adam commented

2025-12-29 01:18:44 +01:00

@kermitDerFrosch commented on GitHub (Jul 10, 2017):

you need something like this, for correct s2s support

subjectAltName = @subject_alternative_name

[subject_alternative_name]
DNS.0 = <yourdomain>
DNS.1 = conference.<yourdomain>
DNS.2 = proxy.<yourdomain>
otherName.0 = 1.3.6.1.5.5.7.8.7;IA5STRING:_xmpp-client.<yourdomain>
otherName.1 = 1.3.6.1.5.5.7.8.7;IA5STRING:_xmpp-server.<yourdomain>
otherName.2 = 1.3.6.1.5.5.7.8.5;FORMAT:UTF8,UTF8:<yourdomain>
otherName.3 = 1.3.6.1.5.5.7.8.5;FORMAT:UTF8,UTF8:conference.<yourdomain>
otherName.4 = 1.3.6.1.5.5.7.8.5;FORMAT:UTF8,UTF8:proxy.<yourdomain>

@kermitDerFrosch commented on GitHub (Jul 10, 2017): you need something like this, for correct s2s support ``` subjectAltName = @subject_alternative_name [subject_alternative_name] DNS.0 = <yourdomain> DNS.1 = conference.<yourdomain> DNS.2 = proxy.<yourdomain> otherName.0 = 1.3.6.1.5.5.7.8.7;IA5STRING:_xmpp-client.<yourdomain> otherName.1 = 1.3.6.1.5.5.7.8.7;IA5STRING:_xmpp-server.<yourdomain> otherName.2 = 1.3.6.1.5.5.7.8.5;FORMAT:UTF8,UTF8:<yourdomain> otherName.3 = 1.3.6.1.5.5.7.8.5;FORMAT:UTF8,UTF8:conference.<yourdomain> otherName.4 = 1.3.6.1.5.5.7.8.5;FORMAT:UTF8,UTF8:proxy.<yourdomain> ```

adam commented

2025-12-29 01:18:45 +01:00

@lukas2511 commented on GitHub (Jul 10, 2017):

This looks like something which would be stripped by Let's Encrypt / Boulder anyway, or is this supported? Have you tried this using a custom csr?

@lukas2511 commented on GitHub (Jul 10, 2017): This looks like something which would be stripped by Let's Encrypt / Boulder anyway, or is this supported? Have you tried this using a custom csr?

adam commented

2025-12-29 01:18:45 +01:00

@kermitDerFrosch commented on GitHub (Jul 10, 2017):

Seems like it is supported. I make my xmpp certs with this othername directive and sign them with the pathed version. I never have problems. If I make a cert without it, I get s2s errors from the server.

@kermitDerFrosch commented on GitHub (Jul 10, 2017): Seems like it is supported. I make my xmpp certs with this othername directive and sign them with the pathed version. I never have problems. If I make a cert without it, I get s2s errors from the server.

adam commented

2025-12-29 01:18:46 +01:00

@lukas2511 commented on GitHub (Jul 11, 2017):

Okay, I merged your changes since they shouldn't interfere with anything else and if that makes dehydrated work for you (and probably a few other people) that's great 😄 Thanks for the suggestion.

@lukas2511 commented on GitHub (Jul 11, 2017): Okay, I merged your changes since they shouldn't interfere with anything else and if that makes dehydrated work for you (and probably a few other people) that's great :smile: Thanks for the suggestion.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#197