I've set up XMPP SRV records in DNS. They are for example.com, so a user can type their username as user@example.com. They expect to be connecting to "example.com", which responds with an SSL cert of "mail.example.com" and thus gives an SSL error.

In zmcertmgr, there are services [ldap|mta|proxy|mailboxd]. I don't see a way of changing the cert for any of them individually, and I imagine the XMPP server is part of the mailboxd.

Is there a way to separate the daemons to have different SSL certs and separate the IM daemon? Or do I just need to buy a new cert specifying subjectAltName: example.com?
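The mismatch described above, as an added example that is not part of the original post: XMPP clients following RFC 6120 check the certificate against the domain in the JID, not against the host the SRV record points to. The SAN lists below are constructed for illustration, and the function names are hypothetical.

```python
# Added example: certificate SAN lists are constructed, not taken from a real server.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match; a wildcard counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # "*.example.com" covers "mail.example.com" but never the bare "example.com"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(san_dns_names, reference_id: str) -> bool:
    """True if any dNSName entry in the certificate matches the reference identity."""
    return any(dns_name_matches(name, reference_id) for name in san_dns_names)


def check_xmpp_login(jid: str, srv_target: str, san_dns_names) -> dict:
    """Compare what the client verifies (JID domain) with what the cert was issued for."""
    jid_domain = jid.rsplit("@", 1)[1]
    return {
        "jid_domain": jid_domain,
        "jid_domain_ok": cert_covers(san_dns_names, jid_domain),  # decides the TLS error
        "srv_target_ok": cert_covers(san_dns_names, srv_target),  # not what the client checks
    }


# Constructed candidate certificates for the setup in the post.
CANDIDATES = {
    "current cert": ["mail.example.com"],
    "wildcard cert": ["*.example.com"],
    "reissued with extra SAN": ["mail.example.com", "example.com"],
}

if __name__ == "__main__":
    for label, sans in CANDIDATES.items():
        result = check_xmpp_login("user@example.com", "mail.example.com", sans)
        print(f"{label:26} {sans} -> {result}")
```

A wildcard for `*.example.com` does not help here, because the identity being checked is the bare domain.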