Hey there Dave, Dealing with SSL certs are a PITA however, in today¹s world - quite important if not mandatory. I would recommend, if possible, running the components with the -D option to get verbose output. You may have to re-compile the binaries to enable debug support. The output is very detailed and has helped me in the past quite a bit.
I haven¹t tackled this problem yet but will be soon enough. But don¹t Hold your breath for it. Shawn On 8/13/14, 11:13, "David Woodfall" <d...@dawoodfall.net> wrote: >Hi > >I hope that this isn't a little too offtopic, but I cannot seem to >get SSL/StartTLS to work. I have had the server running without >encryption successfully. > >Log shows: > >jabberd/router[7664]: failed to load SSL pemfile, SSL disabled >jabberd/s2s[7667]: failed to load router SSL pemfile, channel to >router will not be SSL encrypted >jabberd/c2s[7668]: failed to load xxxx.tk SSL pemfile >jabberd/sm[7665]: failed to load SSL pemfile, SSL disabled > >I've set the <pemfile> in the 4 xml files: > ><pemfile>/etc/jabberd2/key.pem</pemfile> > >And in c2s.xml: > > <id realm='xxxx.tk' > pemfile='/etc/jabberd2/key.pem' > cachain='/etc/jabberd2/cert.pem' > verify-mode='7' > require-starttls='true' > register-enable='true' > password-change='true' > >xxxx.tk</id > >I've tried 4 or 5 ways of making the key and cert files from >what I found by googling, but nothing seems to work. This is >the last method I tried: > >openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem \ >-days 9999 -nodes > >I put in the country code, FQDN and email but left the other >fields empty. > >Any help would be greatly appreciated. > >Dave > >-- >+-----------------------------------------------------------+ >| Studioware. We provide the tools. You make the music. | >| http://www.studioware.org | >| irc.freenode.net #studioware | >| irc.oftc.net #studioware | >+-----------------------------------------------------------+ > > > >