If other people get the UNABLE_TO_VERIFY_LEAF_SIGNATURE error, check that your XMPP server provides the correct certificate chain.
You can use OpenSSL for this:
$ openssl s_client -connect $domain:$port -starttls xmpp -showcerts </dev/null CONNECTED(00000003) depth=0 CN = $domain verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 CN = $domain verify error:num=21:unable to verify the first certificate verify return:1 depth=0 CN = $domain verify return:1