I have an XMPP service running on the domain xmpp.mydomain.com.
The XMPP service runs on two back-end servers, im1.mydomain.com and im2.mydomain.com. Clients find out about these servers by an SRV DNS lookup on the XMPP address:
c:\> nslookup -type=SRV _xmpp-client._tcp.xmpp.mydomain.com
_xmpp-client._tcp.xmpp.mydomain.com SRV service location:
priority = 1
weight = 1
port = 5222
svr hostname = im1.mydomain.com
_xmpp-client._tcp.xmpp.mydomain.com SRV service location:
priority = 1
weight = 1
port = 5222
svr hostname = im2.mydomain.com
im1.mydomain.com internet address = x.y.z.1
im2.mydomain.com internet address = x.y.z.2
I have an SSL certificate for the XMPP domain xmpp.mydomain.com.
However, when trying to connect to XMPP from an Android client, I get the following error: javax.net.ssl.SSLHandshakeException: Hostname did not match identities: [xmpp.myserver.com]
Is it correct to have the certificate just cover the parent XMPP domain (xmpp.mydomain.com)? Or should it cover the hostnames of the servers behind that domain (im1.mydomain.com and im2.mydomain.com)?
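
Added example, not part of the original question: a sketch of the DNS-ID comparison behind an error like the one above. It assumes RFC 6125 matching rules and the RFC 6120 rule that an XMPP client checks the certificate against the service domain it was asked to connect to, not the SRV targets. The function names are hypothetical, and the certificate identity lists are constructed from the hostnames in the question.

```python
"""Which name does the certificate have to match? (added illustration)"""

def dns_id_matches(pattern: str, name: str) -> bool:
    """Compare one certificate dNSName with a reference name, RFC 6125 style:
    case-insensitive, wildcard accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n) or "" in p or "" in n:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label; refuse "*.com"-style patterns.
        return len(p) > 2 and p[1:] == n[1:]
    return p == n


def check_reference_ids(cert_dns_names, service_domain, srv_targets):
    """Map the service domain and every SRV target to True/False."""
    return {
        name: any(dns_id_matches(p, name) for p in cert_dns_names)
        for name in [service_domain, *srv_targets]
    }


def diagnose(cert_dns_names, service_domain, srv_targets):
    """Say which kind of name, if any, the certificate covers."""
    hits = check_reference_ids(cert_dns_names, service_domain, srv_targets)
    if hits[service_domain]:
        return "ok: certificate covers the service domain"
    if any(hits[t] for t in srv_targets):
        return "mismatch: certificate covers SRV targets only"
    return "mismatch: certificate covers neither name"


if __name__ == "__main__":
    service = "xmpp.mydomain.com"                       # from the question
    targets = ["im1.mydomain.com", "im2.mydomain.com"]  # from the SRV answer
    # Constructed identity lists (dNSName values a certificate might carry).
    samples = {
        "domain only": ["xmpp.mydomain.com"],
        "hosts only": ["im1.mydomain.com", "im2.mydomain.com"],
        "as printed in the error": ["xmpp.myserver.com"],
    }
    for label, names in samples.items():
        print(f"{label:24} {diagnose(names, service, targets)}")
        print(" " * 24, check_reference_ids(names, service, targets))
```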