[erlang-questions] SSL: "unknown ca"
Loïc Hoguin
essen@REDACTED
Sat Jan 31 22:15:10 CET 2015
On 01/31/2015 10:06 PM, Imants Cekusins wrote:
>> By default SSL gives you secure connections, that means both encryption and authentication.
>
> does this authentication feature necessitate a third party CA?
It depends on everyone agreeing which root CAs should be trusted and
keeping that trust list up to date as it changes over time.
Note that by "everyone" here I mean "all interested parties", aka the
clients and servers involved. You can have your own personal CA in the
list of the trusted CAs if it is all your clients and servers.
> would encryption alone work without a third party CA?
Yes, but the connections will be rejected by default unless the client
is specifically configured to either trust this CA or not perform the
verification.
--
Loïc Hoguin
http://ninenines.eu
More information about the erlang-questions
mailing list