ejabberd - Comments for "TLS not working, SSL works"

Finally got TLS to work!

hadar — Sat, 21 Apr 2007 14:29:19 +0000

I got my hands on a new machine, running CentOS 5.0. The installer for generic linux still fails on TLS support (for me at least).

So, I downloaded and built the latest Erlang (as above, but this time a newer release), and as before, crypto:start(). worked fine.

I downloaded and built ejabberd-1.1.3 and installed it. It did _not_ work.

I then hand-built the directory structure for the hand-built ejabberd to match the installer's directory structure exactly, substituting symlinks for each erlang file, from the new erlang install.

Finally, I copied over the installer's ejabberdctl file, since the one that comes in the tools directory of a source build doesn't have any of the added goodies.

After a few false starts and tweaks (all my errors to begin with), I now have everything running correctly. I can log in with any Jabber client with TLS, I can do s2s stuff, and I can use https _with TLS_ for admin as well.

Whew! I was really hoping to be able to use ejabberd, and now I finally can.

Here's hoping that the above will help someone else...

re: tls on FreeBSD

yushun — Fri, 30 Mar 2007 20:55:16 +0000

Thanks! TLS works on the same machine (though not in jail). Hmm, maybe I should generate a new certificate and try again within the jail. I'll report back if that's indeed the problem. Just for the record, I am using Erlang port, (not lite), with the base Openssl distribution (not port) on FreeBSD 6.2, also running 1.1.2 server. Since SSL still works so I didn't bother to try a new certificate. (I was migrating/upgrading an existing server, so continue to use the original cert/key.)

tls on FreeBSD

dotdash — Thu, 29 Mar 2007 20:53:28 +0000

Haven't tried 6.2, but I got tls running fine under FreeBSD 6.1. (running 1.1.2 with LDAP/AD auth, jwchat, logging)
I got the erlang-lite port and built erlang from that. Installed the stable OpenSSL from ports.
I enabled SSL and TLS, but clients are connecting via TLS unless I'm being daft (can connect with 'require tls' checked, connects on 5222)
Here are my notes: (pasted in, so excuse the formatting...)
cd /etc/ejabberd

openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
openssl rsa -in privkey.pem -out privkey.pem
cat privkey.pem >> server.pem
rm privkey.pem

Now edit your ejabberd.cfg file and specify the correct location of your server.pem:

{listen, [{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper},
starttls, {certfile, "/etc/ejabberd/server.pem"}]},
{5223, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper},
ssl, {certfile, "/etc/ejabberd/server.pem"}]},

Just a me-too post. My

yushun — Sat, 24 Mar 2007 22:43:34 +0000

Just a me-too post. My problem is with 1.1.2 on FreeBSD 6.2. But it looks like an Erlang issue, judging from what you find. (See message 002618 on the list archive.)

Did anyone get tls or starttls work on 1.1.2 or 1.1.3?