Do *NOT* remove TLS Client Auth EKU!

They are. XMPP operates like the web, and therefore with web CAs: the desire is trusted communication between arbitrary units that don’t know each other, other than via the FQDN. Only that it’s s2s and both sides authenticate the other from the certificates.
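A practical check for the point made above, added here as an example that is not part of the original post: an XMPP server that initiates an s2s link presents its certificate as a TLS client, so the certificate has to carry the clientAuth EKU next to serverAuth, and a strict peer will reject one that only has serverAuth. The script assumes OpenSSL 1.1.1 or newer on PATH; the host name and the throw-away self-signed certificates are constructed for the demonstration.

```shell
# Print the Extended Key Usage purposes of a PEM certificate, one per line.
cert_ekus() {
    openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null \
        | tail -n +2 | tr ',' '\n' | sed 's/^[[:space:]]*//'
}

# Return 0 only when the certificate can serve both roles of an s2s link:
# TLS server (accepting connections) and TLS client (initiating them).
s2s_eku_ok() {
    ekus=$(cert_ekus "$1")
    echo "$ekus" | grep -qx 'TLS Web Server Authentication' || return 1
    echo "$ekus" | grep -qx 'TLS Web Client Authentication' || return 1
    return 0
}

# Constructed throw-away certificate (hypothetical host name) with a given EKU list.
# $1 = output PEM file, $2 = EKU list as accepted by -addext
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=xmpp.example.test" -addext "extendedKeyUsage=$2" \
        -keyout "${1%.pem}.key" -out "$1" 2>/dev/null
}

WORK=$(mktemp -d)
make_selfsigned "$WORK/both.pem" "serverAuth,clientAuth"   # what s2s needs
make_selfsigned "$WORK/server_only.pem" "serverAuth"       # clientAuth EKU removed

if s2s_eku_ok "$WORK/both.pem"; then
    echo "both.pem: usable on both sides of an s2s link"
fi
if ! s2s_eku_ok "$WORK/server_only.pem"; then
    echo "server_only.pem: clientAuth missing, a strict peer will refuse it as a client certificate"
fi
```

Run it against a CA-issued certificate instead of the constructed ones to see whether the issuer still includes the TLS Client Auth EKU.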