[erlang-questions] SSL: "unknown ca"
Ingela Andin
Sun Feb 1 19:04:35 CET 2015
2015-01-30 21:37 GMT+01:00 e@REDACTED <e@REDACTED>:
> On 01/30/2015 09:18 PM, Ingela Andin wrote:
>> Hi!
>> 2015-01-30 19:25 GMT+01:00 e@REDACTED <e@REDACTED>:
>>> Hi, all.
>>> SSL: certify: ssl_alert.erl:92:Fatal error: unknown ca
>>> I know this issue generates thousands of "hits" in google-search
>>> yet google does not reveal a consistent explanation (not a recipe!)
>>> first of all: Unknown TO WHOM???
>> To the client or server trying to verify its peer certificate.
> since the error appears on the server side,
> may i deduce that the server (Erlang's ssl application)
> is trying to verify the client (a browser)?
No, the error does not appear on the server side. The error appears on the
client side that sends
a TLS alert message to the server side that will log the reason why the
client disconnects.
> in this case i want to know how to disable this feature.
> (i only need to verify the server by the client)
You did not enable client certification.
>>> secondly: What CA will be considered known?
>> The root CA must be present in the verifier's CA database (cacertfile or
>> corresponding option for that client/server).
> my 'cacertfile' (as given to the 'ssl' application) contains one and only
> one certificate which is self-signed.
> what properties of CA are required?
>>> may we assume that "CA" and "a certificate file" are synonyms in the
>>> current context? otherwise, what is CA and how is it represented?
>> Certificates and CA certificates are defined in RFC 5280. They are defined
>> as ASN-1 specifications and can normally be input as ASN-1 DER (binary
>> format) or
>> as a PEM file (a text file representation of the "DER-blob").
> I was asking something else.
> When 'ssl' application complains about a "CA" does it mean a corresponding
> certfile that represents a CA or something else?
> (Does it consider any other data sources besides those files provided by
> me?)
No, but you are not doing client certification verification as you did not
enable it.
Regards Ingela
Erlang/OTP team - Ericsson AB
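
The situation discussed in this thread, as an added example that is not part of the original message and not code from the OTP team: a server with default options (no client certificate requested) and two clients using `verify_peer`, one whose `cacerts` holds the server's root and one holding an unrelated root, so the alert the client sends shows up in the server's handshake result. It goes beyond the thread's browser client by using an Erlang client; the certificates are constructed test data from `public_key:pkix_test_data/1`, and the module and function names are hypothetical.

```erlang
%% Added example; module and function names are hypothetical.
-module(unknown_ca_demo).
-export([run/0]).

run() ->
    {ok, _} = application:ensure_all_started(ssl),
    %% Constructed test PKI: two independent sets of roots, A and B.
    #{server_config := ServerConf, client_config := ConfA} = test_pki(),
    #{client_config := ConfB} = test_pki(),
    %% Server side defaults to verify_none: no client certificate is requested.
    {ok, Listen} = ssl:listen(0, [{active, false} | ServerConf]),
    {ok, {_Addr, Port}} = ssl:sockname(Listen),
    Results = [{Name, attempt(Listen, Port, proplists:get_value(cacerts, Conf))}
               || {Name, Conf} <- [{client_trusts_server_root, ConfA},
                                   {client_trusts_other_root, ConfB}]],
    ok = ssl:close(Listen),
    Results.

%% Generates fresh keys and certificates on every call (test data only).
test_pki() ->
    Chain = #{root => [], peer => []},
    public_key:pkix_test_data(#{server_chain => Chain, client_chain => Chain}).

attempt(Listen, Port, CACerts) ->
    Parent = self(),
    Acceptor = spawn_link(fun() ->
        {ok, Hs} = ssl:transport_accept(Listen),
        %% On failure this returns the alert received from the client.
        Parent ! {self(), ssl:handshake(Hs, 5000)}
    end),
    ClientOpts = [{verify, verify_peer},   % the client verifies the server
                  {cacerts, CACerts},      % the client's own CA database
                  {active, false},
                  %% The test certificate is not issued for this address,
                  %% so the host name check is switched off for the demo.
                  {server_name_indication, disable}],
    Client = ssl:connect({127,0,0,1}, Port, ClientOpts, 5000),
    Server = receive {Acceptor, R} -> R end,
    case Client of {ok, Sock} -> ssl:close(Sock); _ -> ok end,
    #{client => outcome(Client), server => outcome(Server)}.

%% Reduce results to the alert name where the error tuple has that shape.
outcome({ok, _}) -> connected;
outcome({error, {tls_alert, {Alert, _Text}}}) -> Alert;
outcome(Other) -> Other.
```

Compile the module and call `unknown_ca_demo:run().` in an Erlang shell; the server options are identical for both attempts, only the client's `cacerts` differ.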