[erlang-questions] SSL: "unknown ca"

PAILLEAU Eric eric.pailleau@REDACTED
Fri Jan 30 23:00:27 CET 2015


>
> my 'cacertfile' (as given to the 'ssl' application) contains one and
> only one certificate which is self-signed.
>

If it is self-signed, it is a root CA cert. (issuer=subject)
Depending X509 version, you  may also have an attribute CA=true or 
CA=false (version = 3 if I remember).
openssl x509 printing may help you.
For SSL you must have some KeyUsages :

  serverAuth             SSL/TLS Web Server Authentication.
  clientAuth             SSL/TLS Web Client Authentication.

Regards



More information about the erlang-questions mailing list