[erlang-questions] SSL: "unknown ca"
e@REDACTED
e@REDACTED
Fri Jan 30 19:25:58 CET 2015
Hi, all.
SSL: certify: ssl_alert.erl:92:Fatal error: unknown ca
I know this issue generates thousands of "hits" in google-search
yet google does not reveal a consistent explanation (not a recipe!)
first of all: Unknown TO WHOM???
secondly: What CA will be considered known?
what properties of CA are required?
may we assume that "CA" and "a certificate file" are synonyms in the
current context? otherwise, what is CA and how is it represented?
and last but not least: Might be this error induced by some lower-level
reason, unrelated to "CA familiarity", for example unacceptable
certificate format?
My config is:
{cacertfile, Dir ++ "ca.crt"} % self-signed
{certfile, Dir ++ "server.crt"} % signed by ca.crt
{keyfile, Dir ++ "server.key"}
% no other options are explicitly specified
where files are produced by the following procedure:
openssl genrsa -des3 -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
cp ca.key ca.key.orig
openssl rsa -in ca.key.orig -out ca.key
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey ca.key -out server.crt
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key
More information about the erlang-questions
mailing list