TLS configuration for separate SM and CM setup

Will Tan
Added 9 months ago


I was testing a setup with separate SM and CM on different machine based on the following:

and I assume that TLS should be configured in the CM portion

But seems like the Tigase setup is not recognizing the TLS configuration that I put in the
The same configuration was working when the Tigase is combined together (SM and CM in the same instance)

When I tried to connect to the server through a PSI client, it showed that I have a self-signed cert rather than the cert in the configuration

I understand that this is based on Tigase 7.0.0 which is quite long ago but I would like to ask if there are any further requirement is needed for the CM/SM portion to activate TLS.

My TLS configuration portion (Working for single setup but not for separate):

--ssl-def-cert-domain =

basic-conf/ = /opt/tigase-7.0.0/certs/

--vhost-tls-required = true

--vhost-anonymous-enabled = false
--vhost-register-enabled = false



Replies (2)


Added by Will Tan 9 months ago

I found out what the issue is with the above, so the issue above can be ignored.

When I initially tried out the Tigase without setting the basic-conf/,
the server generated a file in the certs folder and my PSI client is getting this generated self-signed cert instead of the one I defined.

As for the CM and SM on separate machine,
is there any updated documentation on this specific setup?
There are still some unintended behaviour that is not happening in a single setup which might be caused by my configuration.


Added by Wojciech Kapcia TigaseTeam 9 months ago

I'm glad that you figured it out. We are constantly working on updating documentation but I can't provide you with timeframe when CM/SM setup will be thoroughly revised.