Once I've obtained free certificates from Let's Encrypt, preferably with dehydrated on FreeBSD, I'm going to combine them into a single PEM file so it can be used by my favourite XMPP server - ejabberd - for securing both c2s (client-to-server) and s2s (server-to-server) traffic.

Assuming I'm storing my Let's Encrypt certificates in dehydrated's default directory, and my domain is mimar.rs, I just need to merge privkey.pem and fullchain.pem into a separate file:

cat /usr/local/etc/dehydrated/certs/mimar.rs/privkey.pem \
   /usr/local/etc/dehydrated/certs/mimar.rs/fullchain.pem > \
   ~/mimar.rs-combined.pem

We need to move this file to a more appropriate location (/etc/ssl/private/ on FreeBSD), and - as it contains our private key - make sure it is readable by the ejabberd account only:

mv ~/mimar.rs-combined.pem /etc/ssl/private/
chown ejabberd:ejabberd /etc/ssl/private/mimar.rs-combined.pem
chmod 400 /etc/ssl/private/mimar.rs-combined.pem
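
The cat-then-mv sequence above creates the combined file in the home directory with whatever the shell's umask allows (commonly world-readable) before chmod tightens it. As an added example, not part of the original post, this sh function builds the file owner-only from the start and renames it into place; the function name combine_pem and its sanity checks are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): build the combined PEM
# without ever exposing the private key through a world-readable file.
# Usage: combine_pem KEY CHAIN DEST [OWNER]   (hypothetical helper name)
combine_pem() (
    key=$1 chain=$2 dest=$3 owner=${4:-}
    umask 077                       # anything created here is owner-only

    # Refuse to proceed on missing or swapped inputs.
    [ -s "$key" ]   || { echo "missing key: $key" >&2; exit 1; }
    [ -s "$chain" ] || { echo "missing chain: $chain" >&2; exit 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key has no private key block" >&2; exit 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "$chain has no certificate block" >&2; exit 1; }
    if grep -q -e 'PRIVATE KEY-----' "$chain"; then
        echo "$chain unexpectedly contains a private key" >&2; exit 1
    fi

    # Temp file in the destination directory, so the final mv is an
    # atomic rename on the same filesystem; mktemp creates it mode 0600.
    tmp=$(mktemp "$(dirname "$dest")/.combined.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT        # clean up if any later step fails

    cat "$key" "$chain" > "$tmp" || exit 1
    if [ -n "$owner" ]; then
        chown "$owner" "$tmp" || exit 1   # needs root
    fi
    chmod 400 "$tmp" || exit 1
    mv -f "$tmp" "$dest"
)

# With the paths from the post, run as root:
# combine_pem /usr/local/etc/dehydrated/certs/mimar.rs/privkey.pem \
#             /usr/local/etc/dehydrated/certs/mimar.rs/fullchain.pem \
#             /etc/ssl/private/mimar.rs-combined.pem ejabberd:ejabberd
```

Because the rename is atomic, the same function can be rerun after each certificate renewal without ejabberd ever seeing a half-written file.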

All that remains to be done in order to secure our chats from prying eyes is to instruct ejabberd to use the combined certificate where appropriate.
