ejabberd
Creating your SSL keys
Generate Key Pair:
# cd /etc/ejabberd # openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout privkey.pem -out server.pem
|
Note
|
You should enter your domain name as the Common Name for your certificate. |
Remove pass parse:
# openssl rsa -in privkey.pem -out privkey.pem
Combine the Private and Public Key:
# cat privkey.pem >> server.pem
Delete Private Key:
# rm privkey.pem
Set permissions:
# chown root:ejabberd server.pem # chmod 640 server.pem
Finally update the config file:
-
Change the ./ssl.pem string to /etc/ejabberd/server.pem.
-
Change starttls to tls in the listen section if you want to force users to use SSL.
Creating an administrator
Register an account on your ejabberd deployment. An account can be created using a jabber client like pidgin.
Add the following lines to you config:
{acl, admins, {user, "admin", "example.org"}}.
{access, configure, [{allow, admins}]}.
This will promote the account created in the previous step to an account with administrator rights.
Testing
Add the following line to your /etc/sysconfig/firewall, for example after mysql:
# ejabberd -A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT
Now you should be able to connect to ejabberd remotely. Start your favourite jabber client on a remote machine (ie. pidgin) and register another account. You should be able to talk to the admin now and vica versa.
For more info, please read the Installation and Operation Guide, which can be found at /usr/share/doc/ejabberd-*/guide.html.