Hi, thank you very much for this detailed bugreport!
I have contacted upstream, and they requested sample certificates (PEMs) for ejabberd (cert+key) and CA (without key). I tried running your script on Buster, but it fails: $ ./gen Password: test Generating private-int-key.pem... Assuming PKCS #8 format... ** Note: You may use '--sec-param High' instead of '--bits 4096' Generating a 4096 bit RSA private key... Generating private-int-req.pem... Generating a PKCS #10 certificate request... Generating private-int-cert.pem Generating a signed certificate... error importing CA certificate: public/private-ca-cert.pem: Base64 unexpected header error. With sample PEMs I'll forward this to an issue at https://github.com/processone/pkix, you're welcome to do it yourself if you like. FWIW, upstream also suspects this to be a bug in Erlang itself rather than ejabberd, hence I'm CCing the Erlang maintainer(s). Best wishes -- .''`. Philipp Huebner <debala...@debian.org> : :' : pgp fp: 6719 25C5 B8CD E74A 5225 3DF9 E5CA 8C49 25E4 205F `. `'` `-
signature.asc
Description: OpenPGP digital signature
