[erlang-questions] SSL certificate's subject too long

Loïc Hoguin essen@REDACTED
Wed Jun 27 10:46:21 CEST 2012


On 06/27/2012 09:59 AM, Ingela Andin wrote:
> Hi!
>
> 2012/6/27, Loïc Hoguin <essen@REDACTED>:
>> On 06/25/2012 10:27 PM, Ingela Andin wrote:
>>> Hi!
>>>
>>> 2012/6/25 Loïc Hoguin <essen@REDACTED>:
>>>> Hey,
>>>>
>>>> I'm running into the exact issue described here:
>>>> http://www.mentby.com/Group/rabbitmq-discuss/ssl-certificate-error.html
>>>>
>>>> The certificate I have has a too long Subject line and Erlang just fails
>>>> when trying to load it. This is a RapidSSL certificate, with a CA. Not
>>>> sure I can just modify the subject directly while keeping it valid
>>>> (don't know how anyway).
>>>>
>>>> Does anyone know how I could manage to use this certificate? If I need
>>>> to patch OTP, any pointers as to where this fails are more than welcome.
>>>>
>>>> Thanks.
>>>>
>>>
>>> The ecertfile is a backwards compatibility error code that you will
>>> get if ssl has a problem reading the certfile.
>>> It could be a file-error or a file-format error, or a bug in OTP
>>> application public_key. So if you want to pinpoint the error you can
>>> do:
>>> {ok, PemBin} = file:read_file("Cert.pem").
>>> PemEntries = public_key:pem_decode(PemBin).
>>> public_key:pem_entry_decode(hd(PemEntries)).
>>
>> Getting {'RSAPrivateKey','two-prime', ...
>>
>> All entries decode fine too.
>>
>> What next?
>
> All entries, is there more than one certificate entry?

1 rsa private key entry followed by 3 certificate entries.

There's one for domain.com, one for *.domain.com and IIRC one for 
*.*.domain.com.

> You can try tracing?  (Use observer if you are not comfortable using
> dbg-module directly)

Will do.

-- 
Loïc Hoguin
Erlang Cowboy
Nine Nines
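
The check quoted above only decodes the first PEM entry, which in this file is the private key. The following is an added example, not code from the thread or from OTP: it goes one step further and walks every entry, and for each certificate tries both `public_key:pkix_decode_cert/2` modes (`plain` and `otp`, the latter decoding fields into typed records), so the entry and decode step that fail can be identified. The module name `pem_check` and its function names are hypothetical; `"Cert.pem"` is the file name used in the thread.

```erlang
-module(pem_check).
-export([check_file/1, check_pem/1]).

%% Hypothetical helper module (added example, not part of OTP).
%% Usage from the shell: pem_check:check_file("Cert.pem").

%% Read a PEM file and report, per entry, whether it decodes.
check_file(Path) ->
    {ok, PemBin} = file:read_file(Path),
    check_pem(PemBin).

%% Returns [{Index, Type, Results}] in file order, so a failing
%% entry can be matched to its position in the PEM file.
check_pem(PemBin) ->
    Entries = public_key:pem_decode(PemBin),
    Indexed = lists:zip(lists:seq(1, length(Entries)), Entries),
    [{N, Type, check_entry(Entry)} || {N, {Type, _, _} = Entry} <- Indexed].

%% Certificates: try the plain decode and the otp decode separately,
%% since one can succeed where the other fails.
check_entry({'Certificate', Der, not_encrypted}) ->
    [{plain, attempt(fun() -> public_key:pkix_decode_cert(Der, plain) end)},
     {otp,   attempt(fun() -> public_key:pkix_decode_cert(Der, otp) end)}];
%% Keys and other unencrypted entries: generic PEM entry decode.
check_entry({_Type, _Der, not_encrypted} = Entry) ->
    [{plain, attempt(fun() -> public_key:pem_entry_decode(Entry) end)}];
%% Encrypted entries need a password and are only reported here.
check_entry({_Type, _Der, _CipherInfo}) ->
    [{plain, encrypted_entry_needs_password}].

%% Run a decode and turn any exception into a value, keeping the
%% class and reason for the report.
attempt(Fun) ->
    try Fun() of
        _Decoded -> ok
    catch
        Class:Reason -> {failed, Class, Reason}
    end.
```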




