Using an XMPP Certificate with Prosody

In order to start testing some code with the new Google Wave federation server, I was setting up a new XMPP server and ran into a small glitch when I got to the SSL cert part of the install :) (I always have trouble with SSL certs, it seems; I've been doing this stuff for years and still get it wrong!)

What the certificate sites don’t normally tell you is that you need to include the Certificate Authority’s (aka CA) root certificate along with your new site certificate - that way, when the remote user/client requests your cert, it has all of the authority chain it needs in one handy package. The way to do this is to simply append the CA’s cert (they are just ASCII files after all) after your site cert:

cat site.cert ca.cert > /etc/ssl/certs/foo.cert

After doing that, restart your XMPP server and it should work!
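A quick check to run on the combined file before the restart, added here as an example and not taken from the original post or from Prosody: it confirms that the site certificate is the first entry in the bundle and that a CA certificate follows it. The function names and the placeholder PEM blocks are constructed for illustration; `show_chain` assumes the `openssl` command-line tool is installed and is meant for real certificates.

```shell
#!/bin/sh
# Added example: check the order of a PEM bundle before restarting the server.

# Count the certificate blocks in a PEM file.
pem_count() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Print the Nth (1-based) certificate block of a PEM file.
pem_block() {
    awk -v want="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; inblk = 1 }
        inblk && n == want            { print }
        /-----END CERTIFICATE-----/   { inblk = 0 }
    ' "$1"
}

# check_bundle BUNDLE SITE_CERT
# 0 = site cert first with a CA cert after it, 1 = no CA cert appended,
# 2 = the first certificate in the bundle is not the site cert.
check_bundle() {
    if [ "$(pem_count "$1")" -lt 2 ]; then
        echo "$1: no CA certificate appended" >&2
        return 1
    fi
    if [ "$(pem_block "$1" 1)" != "$(pem_block "$2" 1)" ]; then
        echo "$1: first certificate is not the site certificate" >&2
        return 2
    fi
}

# For real certificates: list subject and issuer of each entry, in file order.
show_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Constructed placeholder blocks (not real certificates) to exercise the check.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'U0lURS1QTEFDRUhPTERFUg==' \
    '-----END CERTIFICATE-----' > "$demo_dir/site.cert"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q0EtUExBQ0VIT0xERVI=' \
    '-----END CERTIFICATE-----' > "$demo_dir/ca.cert"
cat "$demo_dir/site.cert" "$demo_dir/ca.cert" > "$demo_dir/good.cert"
cat "$demo_dir/ca.cert" "$demo_dir/site.cert" > "$demo_dir/swapped.cert"

check_bundle "$demo_dir/good.cert" "$demo_dir/site.cert" && echo "good.cert: ok"
check_bundle "$demo_dir/swapped.cert" "$demo_dir/site.cert" || echo "swapped.cert: rejected"
```

Against the file from this post, the call would be `check_bundle /etc/ssl/certs/foo.cert site.cert`, followed by `show_chain /etc/ssl/certs/foo.cert` to read the subject and issuer of each entry.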

If you are taking advantage of StartCom’s free XMPP Certificate, then you need to download the proper one - they don’t make it easy to find!

http://www.startssl.com/certs/sub.class1.server.ca.pem

Much thanks to the Prosody team (MattJ, Flo and darkrain) for the debugging help to figure all of this out!

