eJabberd and signed certificates (StartSSL)

Post by ayu »

Title: eJabberd and signed certificates

Description: This short tutorial will explain how to get a free signed class1 certificate to work with eJabberd.
The tutorial was made because the other guides and tutorials that are out there are mostly outdated and don't work anymore, and furthermore they create a lot of confusion, which is why I have been sitting for 2 days trying to solve this issue (and I was blindly believing what the guides and tutorials told me).

eJabberd version used: 2.1.8

First of all, this tutorial assumes that you already have a StartSSL account and that you have signed up for an SSL/TLS XMPP certificate.
If you haven't then do so now at:

https://www.startssl.com

1: Anyway, so at this moment you should have the following files:

*Back up these files and put them somewhere safe

ssl.key
resulting from the certificate request process

ssl.crt
resulting from the certificate request process

ca.pem
available from http://www.startssl.com/certs/

sub.class1.server.ca.pem
available from http://www.startssl.com/certs/

2: You need to decode your key file (basically removing the pass phrase)

openssl rsa -in ssl.key -out ssl.key

3: Concatenate your server’s certificate plus key and the intermediate certificate into a single pem file

cat ssl.key ssl.crt sub.class1.server.ca.pem ca.pem > ejabberd.pem

4: Place the resulting file where your eJabberd server will access it

chown ejabberd:ejabberd ejabberd.pem
chmod 400 ejabberd.pem
mv ejabberd.pem /opt/ejabberd/conf

5: Configure eJabberd to use the new certificate

Example:

% Ordinary client-2-server service
 [{5222, ejabberd_c2s,     [{access, c2s},
                            {max_stanza_size, 65536},
                            starttls, {certfile, "/opt/ejabberd/conf/ejabberd.pem"},
                            {shaper, c2s_shaper}]},

% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "/opt/ejabberd/conf/ejabberd.pem"}.

In the default configuration, all you have to do is basically replace "server.pem" with your own certificate.

6: Restart the server and it should work :)
"The best place to hide a tree, is in a forest"
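
A structural check for the combined file built in steps 2 to 4, as an added example that is not part of the original post: it flags a key that is still pass-phrase protected, a missing chain, END/BEGIN markers fused by `cat` when an input file lacks its final newline, and permissions looser than owner-only. The names `lint_bundle` and `sample_bundle` are hypothetical, the sample PEM bodies are constructed placeholders, and the check does not verify that the key matches the certificate.

```python
import os
import re
import stat
import sys
import tempfile

BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
FUSED = re.compile(r"-----END [A-Z0-9 ]+-----[^\r\n]*-----BEGIN ")


def lint_bundle(path):
    """Return a list of problems in a key + certificate chain PEM file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # step 4 uses chmod 400: nothing for group or other
        problems.append("mode %03o lets group/other access the key" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        text = fh.read()
    if FUSED.search(text):  # an input to `cat` lacked its final newline
        problems.append("END and BEGIN markers share a line")
    blocks = BLOCK.findall(text)
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    certs = [label for label, _ in blocks if label == "CERTIFICATE"]
    if len(keys) != 1:
        problems.append("expected 1 private key, found %d" % len(keys))
    for label, body in keys:  # step 2 should have removed the pass phrase
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is still pass-phrase protected")
    if len(certs) < 2:  # server certificate plus at least the intermediate
        problems.append("expected server cert and chain, found %d cert(s)" % len(certs))
    return problems


def sample_bundle(encrypted=False, n_certs=3, fused=False):
    # Constructed sample: placeholder bodies, not real key material.
    header = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n" if encrypted else ""
    key = "-----BEGIN RSA PRIVATE KEY-----\n%sAAAA\n-----END RSA PRIVATE KEY-----\n" % header
    cert = "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
    text = key + cert * n_certs
    return text.replace("-----\n-----BEGIN", "----------BEGIN", 1) if fused else text


if __name__ == "__main__":
    # With no argument, lint a constructed bundle whose key is still encrypted.
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as fh:
        fh.write(sample_bundle(encrypted=True))
    path = sys.argv[1] if len(sys.argv) > 1 else fh.name
    for issue in lint_bundle(path) or ["no structural problems found"]:
        print(issue)
```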

Re: eJabberd and signed certificates (StartSSL)

Post by bad_brain »

I'm glad to see you figured it out man, good work! *thumb*

Re: eJabberd and signed certificates (StartSSL)

Post by ayu »

bad_brain wrote: I'm glad to see you figured it out man, good work! *thumb*

Yeah finally some results!

It was with the help of StartCom support over a Jabber chat, that it eventually got solved :)
"The best place to hide a tree, is in a forest"

Re: eJabberd and signed certificates (StartSSL)

Post by ayu »

Added another smaller version of the same guide here

http://wiki.alcor.se/index.php/Certs

Mostly for myself, but I'm posting it here as well for others to use if needed.
"The best place to hide a tree, is in a forest"
