I see that there are various problems with certificates and also the Pandion client. I will wait for resolution on the Pandion issue but I am still struggling to understand the issues on the CSR.
I am running 3.2.0 and I tried to use the XMPP Federation Certification Authority (StartCom)
I have made several attempts at certification and finally deleted the keys and started again. Unfortunately I got the same result.
I copied the CSR and pasted it into the XMPP request web page and received the following response after entering the validation information
CN=rectoryhouse.net/OU=Domain validated only/O=David Pullen/emailAddressfirstname.lastname@example.org
There seems to be a problem creating your certificate! Please check your details and try again.
I entered the Issuer information into the Signing request on my Wildfire server (running on Windows2k)
Organizational Unit: rectoryhouse.net
Organization: David Pullen
Country Code: GB