There is number of certificate providers offering certificates either for free or for money. You can use any of them, however you have to be aware that sometimes certificates might not be recognized by all XMPP servers, especially if it’s one from a new provider. Here is an example list of providers:
- LetsEncrypt - please see the section called “Installing LetsEncrypt Certificates in Your Linux System” for details
- CAcert - free certificates with an excellent Web GUI for managing generated certificates and identities.
- Verisign - very expensive certificates comparing to above provides but the provider is recognized by everybody. If you have a certificate from Verisign you can be sure it is identified as a valid certificate.
- Comodo Certificate Authority offers different kind of commercial certificates
To obtain certificate from a third party authority you have to go to its website and request the certificate using certificate request generated above. I cannot provide any instructions for this as each of the providers listed have different requirements and interfaces.
We highly recommend using LetsEncrypt keys to self-sign and secure your domain. Instructions are in the next section.