We are currently running Debian Woody 2.4.27 with ejabberd 0.7.5-7. We have used and installed ssl (0.9.7e-3) based on the tutorial here (jabberstudio.org/2/docs/app_sslkey.html). We cannot seem to get an encrypted connection using port 5223. When telnetting to the 5222 port we receive an XML response; however, on 5223 there is no response. The following is an excerpt of the ejabberd.cfg file:

    % Listened ports:
    {listen,
     % Ordinary client-2-server service
     [{5222, ejabberd_c2s, [{access, c2s},
                            starttls, {certfile, "/etc/ssl/certs/ejabberd.pem"},
                            {shaper, c2s_shaper}]},
      % SSL-enabled client-2-server service
      {5223, ejabberd_c2s, [{access, c2s},
                            tls, {certfile, "/etc/ssl/certs/ejabberd.pem"},
                            {shaper, c2s_shaper}]},

We are using GAIM, but have also tried Exodus. We can connect without SSL, but we would prefer to encrypt all traffic. Does anyone have any suggestions as to what steps we may have missed or additional changes that should be made to ejabberd.cfg? Thanks in advance.
Check that the file is readable by ejabberd
The config looks right, and that's the only place where you need to specify the certificate.
If the SSL certificate is badly created, the route is not correctly specified in ejabberd.cfg, or the file is not readable by the system user that runs ejabberd, a message will appear in the log every time a user tries to connect using SSL, STARTTLS or SASL:
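
The checks named in the reply above (the file exists at the configured path, is readable by the user that runs ejabberd, and is a usable certificate file), written as a shell function. This is an added example, not part of the thread. It assumes the `certfile` PEM is expected to hold both the certificate and its private key, and it only looks for the PEM block markers rather than validating the certificate. The account name `ejabberd` in the comment is also an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Run it as the account that runs
# ejabberd so the readability test reflects that user, e.g. (assumed name):
#   su -s /bin/sh ejabberd -c \
#     '. ./check_certfile.sh; check_certfile /etc/ssl/certs/ejabberd.pem'
#
# Return codes: 0 ok, 1 missing/unreadable, 2 no certificate block,
#               3 no private key block, 4 key file is world-readable.
check_certfile() {
    f=$1

    # Path wrong in ejabberd.cfg, or permissions deny the current user.
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "FAIL: $f is missing or not readable by $(id -un)"
        return 1
    fi

    # The PEM must contain the server certificate ...
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "FAIL: no certificate block in $f"
        return 2
    fi

    # ... and (assumption stated above) the matching private key.
    if ! grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f"; then
        echo "FAIL: no private key block in $f"
        return 3
    fi

    # The file must be readable by ejabberd, but a file holding a private
    # key should not be readable by every local account.
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "WARN: $f holds a private key and is world-readable"
        return 4
    fi

    echo "OK: $f"
    return 0
}
```

A result of 4 does not stop TLS from working; restrict the file to the ejabberd account (owner-only read) once the connection problem is solved.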