Description: This short tutorial will explain how to get a free signed class1 certificate to work with eJabberd.
The tutorial was made because the other guides and tutorials that are out there are mostly outdated and don't work anymore, and furthermore they create a lot of confusion, which is why I have been sitting for 2 days trying to solve this issue (and I was blindly believing what the guides and tutorials told me).
eJabberd version used: 2.1.8
First of all, this tutorial assumes that you already have a StartSSL account and that you have signed up for an SSL/TLS XMPP certificate.
If you haven't then do so now at:
Code: Select all
https://www.startssl.com
*Backup these files and put them somewhere safe
ssl.key
resulting from the certificate request process
ssl.crt
resulting from the certificate request process
ca.pem
available from
Code: Select all
http://www.startssl.com/certs/
available from
Code: Select all
http://www.startssl.com/certs/
Code: Select all
openssl rsa -in ssl.key -out ssl.key
Code: Select all
cat ssl.key ssl.crt sub.class1.server.ca.pem ca.pem > ejabberd.pem
Code: Select all
chown ejabberd.ejabberd ejabberd.pem
chmod 400 ejabberd.pem
mv ejabberd.pem /opt/ejabberd/conf
Example:
Code: Select all
% Ordinary client-2-server service
[{5222, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},
starttls, {certfile, "/opt/ejabberd/conf/ejabberd.pem"},
{shaper, c2s_shaper}]},
% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "/opt/ejabberd/conf/ejabberd.pem"}.
6: Restart the server and it should work