I just added an account to Jitsi. The JID’s host name is listed as part of the certificate’s (several) Subject Alternative Names, but not as part of the common name. However, Jitsi complains that the certificate is invalid („Jitsi can't verify the identity of the server when connecting to [example.com, _xmpp-client.example.com]“).
Could it be that Jitsi only checks in the CN and not in SAN? If so, could this be fixed?
Also, why is the verified name _xmpp-client.example.com, not _xmpp-client._tcp.example.com, the name of the SRV record?
BTW: It would be nice if Jitsi were to support DANE, as this handles the server and service host names, among other things.