Once I've obtained free SSL certificates from Let's Encrypt, preferrably wildcard ones, as described in another article here at Mimar - Let's Encrypt Wildcard Certificates On FreeBSD With BIND DNS Validation - I'm going to combine them into single PFX file so it can be used by Microsoft Exchange to secure IMAP, SMTP, POP and IIS services.
As of ejabberd-17.11, configuration option
certfile, which should point to combined PEM file which consists of private key, server certificate and intermediate certificate(s), was replaced with configuration option
certfiles, which should point to directory which holds private key, server certificate, and intermediate certificate(s) in separate PEM files. Also,
ca_file configuration option was introduced, which should point to "trusted root certificate bundle".
For ejabberd-17.11 and newer, configuration is similar to:
### ======= CERTIFICATES ======== ### certfiles: - "/etc/ssl/certs/live/mimar.rs/*.pem" ca_file: "/usr/local/etc/ssl/cert.pem"
Contrary to StartSSL’s FAQ, it is now possible for authenticated users to submit certificate requests (CSRs) for client (S/MIME) certificates. However, certificates are issued in PEM format, while most browsers and mail clients prefer PKCS#12 format. This article describes steps to create private key and corresponding certificate request, as well as how to create PKCS#12 file after obtaining signed client certificate.