Getting SSL certificate chain from jabber server

Solution 1:

The solution is: Jabber requires starttls:

openssl s_client -connect my.jabber.server.net:5222 </dev/null -starttls xmpp

This returns the certificate.

Solution 2:

As noted in a previous answer, Jabber/XMPP requires -starttls.

Client-to-server (c2s) certificate for my.jabber.server.net:

openssl s_client -connect my.jabber.server.net:5222 </dev/null -starttls xmpp

To expand upon that answer, there are two types of connections:

  • Normal client logins: -starttls xmpp, default port 5222
  • Connection between servers: -starttls xmpp-server, default port 5269

Server-to-server (s2s) certificate for my.jabber.server.net:

openssl s_client -connect my.jabber.server.net:5269 </dev/null -starttls xmpp-server

With openssl v1.1.0+ you can also check custom domains, with the -xmpphost <domain> flag, or use the option alias -name in openssl v1.1.1+.

Client-to-server (c2s) certificate for custom domain other.example.org hosted by my.jabber.server.net:

openssl s_client -connect my.jabber.server.net:5222 </dev/null -starttls xmpp -xmpphost other.example.org

Server-to-server (s2s) certificate for custom domain other.example.org hosted by my.jabber.server.net:

openssl s_client -connect my.jabber.server.net:5269 </dev/null -starttls xmpp-server -xmpphost other.example.org
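Added example, not part of either answer above: the same s_client invocations wrapped in a function, with `-showcerts` so that every certificate the server sends is printed, plus two filters that pull out the PEM blocks and check that each issuer name matches the next subject. It assumes OpenSSL 1.1.0+ (for `-xmpphost`); the function names and the sample output are constructed for illustration.

```shell
# Added example, not from the answers above. sample_output is constructed,
# not a real capture; host and domain arguments are whatever you pass in.
# fetch_xmpp_chain HOST MODE [DOMAIN]: MODE is c2s (5222) or s2s (5269).
fetch_xmpp_chain() {
    host=$1; mode=$2; domain=${3:-$1}
    case $mode in
        c2s) port=5222; proto=xmpp ;;
        s2s) port=5269; proto=xmpp-server ;;
        *) echo "mode must be c2s or s2s" >&2; return 2 ;;
    esac
    # -showcerts prints every certificate the server sends, not only the leaf.
    openssl s_client -connect "$host:$port" -starttls "$proto" \
        -xmpphost "$domain" -showcerts </dev/null 2>/dev/null
}

# extract_pem: keep only the PEM certificate blocks from s_client output.
extract_pem() {
    awk '/^-----BEGIN CERT/{p=1} p{print} /^-----END CERT/{p=0}'
}

# chain_links: list subject/issuer per depth and flag the first name gap.
# Name matching only; signatures are not verified here.
chain_links() {
    awk '
        /^ *[0-9]+ s:/ { d=$1; sub(/^ *[0-9]+ s:/, ""); subj[d]=$0; n=d+1 }
        /^ +i:/        { sub(/^ +i:/, ""); iss[d]=$0 }
        END {
            for (k=0; k<n; k++) printf "%d %s <- %s\n", k, subj[k], iss[k]
            for (k=0; k+1<n; k++)
                if (iss[k] != subj[k+1]) { print "gap after depth " k; exit }
            print "linked: " (n+0) " certificate(s)"
        }'
}

sample_output() {   # constructed s_client -showcerts output, placeholder PEM bodies
    cat <<'EOF'
Certificate chain
 0 s:CN = other.example.org
   i:O = Example CA, CN = Example Intermediate
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:O = Example CA, CN = Example Intermediate
   i:O = Example CA, CN = Example Root
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
EOF
}
```

Against a live server, pipe `fetch_xmpp_chain my.jabber.server.net c2s other.example.org` into `chain_links` or `extract_pem`; a "gap" result usually means the server is not sending an intermediate certificate.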