Adding cert to eJabberd server

Forgot how to do this and took a little while to figure it out again.
Thus I have decided to put my solution here.
Security-wise there are some things that need to be considered here.
Like the part where I decode the key so that I don’t have to insert the password every time the server starts.
I do this because it’s a VPS, but it wouldn’t always be optimal security-wise.
I “solve” this problem by setting very strict permissions on the file (which you should always do anyway).

XMPP Certificate guide
You should start with the following files (I get my certs from Startcom SSL).

resulting from the certificate request process

resulting from the certificate request process

available from
available from

Now you need to decrypt the key file (strip its passphrase), so that we don’t have to enter the password every time we start the server

openssl rsa -in ssl.key -out ssl.key

Concatenate the files into one PEM file (the order is crucial here: key, then certificate, then CA file)

cat ssl.key ssl.crt ca.pem > ejabberd.pem

Move the file where your server can reach it

chown ejabberd:ejabberd ejabberd.pem
chmod 400 ejabberd.pem
mv ejabberd.pem /opt/ejabberd/conf
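
A quick sanity check for the combined file, as an added example (not part of the original post): it confirms the private key is the first block, is no longer passphrase-protected, and that group/other have no access. The function name check_pem_bundle and the sample file are made up for illustration; it does not verify that the key matches the certificate.

```shell
#!/bin/sh
# Added example: sanity-check a combined PEM before pointing ejabberd at it.
# Prints each problem found and returns non-zero if there is any.
check_pem_bundle() {
    f=$1
    rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }

    # Labels of the PEM blocks, in file order, one per line.
    labels=$(sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$f")
    first=$(printf '%s\n' "$labels" | head -n 1)
    nkeys=$(printf '%s\n' "$labels" | grep -c 'PRIVATE KEY$' || true)
    ncerts=$(printf '%s\n' "$labels" | grep -c '^CERTIFICATE$' || true)

    # The key must be the first block; certificates follow it.
    case $first in
        *'PRIVATE KEY') ;;
        *) echo "first block is '$first', expected the private key"; rc=1 ;;
    esac
    [ "$nkeys" -eq 1 ] || { echo "expected 1 private key, found $nkeys"; rc=1; }
    [ "$ncerts" -ge 1 ] || { echo "no CERTIFICATE block in the file"; rc=1; }

    # A passphrase-protected key would stop an unattended start.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$f"; then
        echo "private key is still passphrase-protected"; rc=1
    fi

    # The key is stored in the clear, so group/other must have no access.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "group/other can access $f ($mode)"; rc=1; }

    return $rc
}

# Constructed sample (placeholder bodies, not real key material):
# certificate before key and mode 644, so both checks fire.
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$demo"
chmod 644 "$demo"
check_pem_bundle "$demo" || echo "bundle rejected"
rm -f "$demo"
```

Run it against the deployed file as a user that can read it, for example as root.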

Then configure and restart the server. Here’s an example of my conf:

% Ordinary client-2-server service
 [{5222, ejabberd_c2s,     [{access, c2s},
                            {max_stanza_size, 65536},
                            starttls, {certfile, "/opt/ejabberd/conf/ejabberd.pem"},
                            {shaper, c2s_shaper}]},

% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "/opt/ejabberd/conf/ejabberd.pem"}.