[erlang-questions] SSL: "unknown ca"

e@REDACTED e@REDACTED
Sat Jan 31 22:36:33 CET 2015


On 01/31/2015 10:16 PM, Loïc Hoguin wrote:
> On 01/31/2015 10:07 PM, e@REDACTED wrote:
>> On 01/31/2015 10:00 PM, Tristan Sloughter wrote:
>>>
>>> https://www.openssl.org/docs/ssl/SSL_alert_type_string.html
>>
>> A valid certificate chain or partial chain was received, but the
>> certificate was not accepted because the CA certificate could not be
>> located or couldn't be matched with a known, trusted CA.
>>
>> WHICH certificate?
>>
>> The certificates i supplied to ssl as:
>> 'cacertfile'
>> 'certfile'
>>
>> are both valid according to the system's 'openssl':
>>
>>  > openssl verify -CApath /etc/ssl/certs server.crt
>> server.crt: OK
>
> I answered that in my previous email.
>
> The client and the server must agree on the list of trusted CAs. Did you
> also provide the same cacertfile file to the client?

yes,
besides it is included in the server.crt
i also manually import both certs into my browser, one as an 'authority' 
and another as a 'server'



More information about the erlang-questions mailing list