[erlang-questions] SSL: "unknown ca"

Loïc Hoguin essen@REDACTED
Sat Jan 31 22:15:10 CET 2015


On 01/31/2015 10:06 PM, Imants Cekusins wrote:
>> By default SSL gives you secure connections, that means both encryption and authentication.
>
> does this authentication feature necessitate a third party CA?

It depends on everyone agreeing which root CAs should be trusted and 
keeping that trust list up to date as it changes over time.

Note that by "everyone" here I mean "all interested parties", aka the 
clients and servers involved. You can have your own personal CA in the 
list of the trusted CAs if it is all your clients and servers.

> would encryption alone work without a third party CA?

Yes, but the connections will be rejected by default unless the client 
is specifically configured to either trust this CA or not perform the 
verification.

-- 
Loïc Hoguin
http://ninenines.eu



More information about the erlang-questions mailing list