[erlang-questions] SSL certificate's subject too long

Ingela Andin <>
Mon Jun 25 22:27:10 CEST 2012


Hi!

2012/6/25 Loïc Hoguin <>:
> Hey,
>
> I'm running into the exact issue described here:
> http://www.mentby.com/Group/rabbitmq-discuss/ssl-certificate-error.html
>
> The certificate I have has a too long Subject line and Erlang just fails
> when trying to load it. This is a RapidSSL certificate, with a CA. Not sure
> I can just modify the subject directly while keeping it valid (don't know
> how anyway).
>
> Does anyone know how I could manage to use this certificate? If I need to
> patch OTP, any pointers as to where this fails is more than welcome.
>
> Thanks.
>

The ecertfile is a backwards compatibility error code that you will
get if ssl has a problem reading the certfile.
It could be a file-error or a file-format error, or a bug in OTP
application public_key. So if you want to pinpoint the error you can
do:
{ok, PemBin} = file:read_file("Cert.pem").
PemEntries = public_key:pem_decode(Pembin).
public_key:pem_entry_decode(hd(PemEntries)).

If your cert is breaking the ASN-1 spec you have a problem. To be able
to fix the certificate you need to change the certificate and sign the
new certificate with the private key that signed your certificate. If
you have access to the key it is doable. I am not familiar with
RapidSSL but if they are breaking the specs I think they should create
a new and valid certificate for you. You could workaround it by
changing the public_key applications ASN1-spec but it feels wrong...

Regards Ingela Erlang/OTP team - Ericsson AB



More information about the erlang-questions mailing list