https://www.ejabberd.im/node/1179 en https://www.ejabberd.im/node/1179#comment-58395 <p><a href="http://www.ejabberd.im/node/4345" title="http://www.ejabberd.im/node/4345">http://www.ejabberd.im/node/4345</a></p> <p>Here is the crucial point that hung me up for an hour:</p> <p>The ejabberd.pem contains three pieces of information, all of which are necessary to establish the secure connection. Your RSA private key, your certificate issued by the CA, and the CA's intermediate certificate.</p> <p>Therefore the contents of the .pem file to which your ejabberd.cfg points should look like this:</p> <div class="codeblock"><code>-----BEGIN RSA PRIVATE KEY-----<br />[... your private key data ... ]<br />-----END RSA PRIVATE KEY-----<br />-----BEGIN CERTIFICATE-----<br />[... your own certificate ...]<br />-----END CERTIFICATE-----<br />-----BEGIN CERTIFICATE-----<br />[... your CA&#039;s intermediate certificate ...]<br />-----END CERTIFICATE-----</code></div> <p>That pem file should only be readable by the user under which ejabberd runs.</p> Sun, 26 Feb 2012 22:26:30 +0000 scresante comment 58395 at https://www.ejabberd.im https://www.ejabberd.im/node/1179#comment-2731 <p>- get CACert root certificate<br /> - add to your SSL system (OpenSSL) to make sure your SSL system can recognize CACert. CACert root certificate still not shipped with OpenSSL by default.<br /> - check your certificate, with command 'openssl verify .certificate file name.'</p> <p>must done on both side</p> Fri, 15 Dec 2006 09:43:38 +0000 kakuz comment 2731 at https://www.ejabberd.im