Hello! (first post!)
I have been trying to install a StartCom certificate on my ejabberd server, but it just wont work!
I can install it, but the XMPP clients are still saying that they can't verify the certificate.
What I am doing is the following (Following this guide: )
* I have placed these files on the server
ssl.key (resulting from the certificate request process)
ssl.crt (idem)
sub.class1.xmpp.ca.crt (available from StartCom)
* I decoded the private key using my very long and secure password
openssl rsa -in ssl.key -out ssl.key
* I concatenated the files into a single pem file
cat ssl.crt ssl.key sub.class1.xmpp.ca.crt >ejabberd.pem
* I fixed the permissions of the file, and moved it to a location where ejabberd can access it
chown ejabberd.ejabberd ejabberd.pem
chmod 400 ejabberd.pem
mv ejabberd.pem /opt/ejabberd/conf/
* I updated the ejabberd conf file to use the new pem file (basically just replaced server.pem from the self signed cert, with the ejabberd.pem file)
Have I missed anything?
I can add the following as
I can add the following as well when trying to verify the pem file
ejabberd.pem: /description=502668-N1E4p2sk647fEzkL/CN=mai.alcor.se/emailAddress=postmaster@alcor.se
error 20 at 0 depth lookup:unable to get local issuer certificate
EDIT:
I have found the problem.
It seems that the file sub.class1.xmpp.ca.crt does not exist on that address anymore, thus the contents of the file was wrong (an error in fact).
Does anyone know the correct source for this file, or maybe this is the wrong forum for that kind of question? ;
I would know where to get the
I would know where to get the sub.class1.xmpp.ca.crt as well becouse i can't find it anywhere..
Hi folk -- I was able to get
Hi folk -- I was able to get it at: wget
er -- you can replace the
er -- you can replace the .pem with .crt =) (both are available though)
Anyway, I solved my
Anyway, I solved my problem.
I made a small tutorial on the entire process, available at the link below