/ ssl

Prosody.im with StartSSL certificate

I've been using Prosody for a few years now and just updated to the latest version 0.9.1. The server is written in Lua and is quite easy to set up.

Since my SSL certificate just expired I had to get a new one and set it up for Prosody. StartSSL provides free SSL server certificates that are accepted by most operating systems and browsers today, so there is no need to set up a self-signed certificate.

In order to get an SSL certificate from StartSSL you will have to validate the ownership of your domain first. After that you can use the Certificates Wizard to create a new XMPP (Jabber) SSL/TLS Certificate.

Once you have generated both your key and your certificate you need to store them on your server and tell Prosody where they are. Add the following lines to your prosody.cfg.lua:

ssl = {
  key = "/path/to/certs/domain.tld.key";
  certificate = "path/to/certs/domain.tld.cert";
}

You also need to make sure that the TLS module is activated by removing the two dashes from the "tls" line in the config file. You may also take a look at the official documentation for SSL with Prosody.

Now you are almost ready to go. However, it is also necessary to download the sub.class1.server.ca.pem and append it to the generated certificate:

cat sub.class1.server.ca.pem >> domain.tld.cert

Now you can start your Prosody server with prosodyctl start.