[erlang-questions] SSL certificate's subject too long

Ingela Andin <>
Wed Jun 27 09:59:15 CEST 2012


Hi!

2012/6/27, Loïc Hoguin <>:
> On 06/25/2012 10:27 PM, Ingela Andin wrote:
>> Hi!
>>
>> 2012/6/25 Loďc Hoguin <>:
>>> Hey,
>>>
>>> I'm running into the exact issue described here:
>>> http://www.mentby.com/Group/rabbitmq-discuss/ssl-certificate-error.html
>>>
>>> The certificate I have has a too long Subject line and Erlang just fails
>>> when trying to load it. This is a RapidSSL certificate, with a CA. Not
>>> sure
>>> I can just modify the subject directly while keeping it valid (don't
>>> know
>>> how anyway).
>>>
>>> Does anyone know how I could manage to use this certificate? If I need
>>> to
>>> patch OTP, any pointers as to where this fails is more than welcome.
>>>
>>> Thanks.
>>>
>>
>> The ecertfile is a backwards compatibility error code that you will
>> get if ssl has a problem reading the certfile.
>> It could be a file-error or a file-format error, or a bug in OTP
>> application public_key. So if you want to pinpoint the error you can
>> do:
>> {ok, PemBin} = file:read_file("Cert.pem").
>> PemEntries = public_key:pem_decode(Pembin).
>> public_key:pem_entry_decode(hd(PemEntries)).
>
> Getting {'RSAPrivateKey','two-prime', ...
>
> All entries decode fine too.
>
> What next?

All entries, is there more than one certificate entry?

You can try tracing?  (Use observer if you are not comfortable using
dbg-module directly)

Regards Ingela Erlang/OTP team - Ericsson AB



More information about the erlang-questions mailing list