Jason Self at
This is easy: Use your own TLS certificate (for your the XMPP server's domain) The XMPP server that handles a given domain doesn't have to be in that domain (i.e., you have the SRV record for your friend's domain list your domain name for the target.) Clients and other XMPP servers connect to that domain name, thereby expecting your domain name and ta da - life is good.
Or if you don't want to do that use a subdomain, which can be renewed on your XMPP server assuming that the DNS records resolve to the IP of the XMPP server. But really, the first option is probably the better one. It's what I do - look up the DNS SRV records for jxself.org for an example. Both domains are controlled by me.
Or if you don't want to do that use a subdomain, which can be renewed on your XMPP server assuming that the DNS records resolve to the IP of the XMPP server. But really, the first option is probably the better one. It's what I do - look up the DNS SRV records for jxself.org for an example. Both domains are controlled by me.