[erlang-questions] Comodo PositiveSSL certificates with Cowboy 1.x

Ali Sabil <>
Fri Dec 30 15:58:31 CET 2016


On Fri, Dec 30, 2016 at 3:46 PM Frank Muller <>
wrote:

> Hi Ali,
>
> This what’s included in the Zip:
>
> AddTrustExternalCARoot.crt
> COMODORSAAddTrustCA.crt
> COMODORSADomainValidationSecureServerCA.crt
> STAR_company_com.crt
> company.key
>
> > 1. your certificate (foo_com.crt)
>
> So STAR_company_com.crt is my certificate.
>
>
Yes, exactly



> > 2. a set of intermediary certificates (intermediate1.crt,
> intermediate2.crt)
>
> How do i know which one is the latest ... to build the intermediary
> certificate chain in this case?
> They're not numbered.
>
>
For Comodo, `AddTrustExternalCARoor.crt` is the root certificate, followed
by `COMODORSAAddTrustCA.crt` and then `
COMODORSADomainValidationSecureServerCA.crt`

so your chain will be:
  cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >
chain.crt



>
> > 3. the root certificate (root.crt)
>
> What this one is useful for?
>
>
The root certificate (AddTrustExternalCARoor.crt in your case) is useful
for things like OCSP stapling as far as I know, which I don't think is
implemented in Erlang SSL.

If I am not mistaken, the Erlang SSL configuration is very similar to
Apache.



> Thank you.
>
> /Frank
>
> Le ven. 30 déc. 2016 à 13:03, Ali Sabil <> a écrit :
>
> Hi Frank,
>
> I don't remember the exact details, but you should have received a zip
> file with a set of certificates. This zip file should contain
> 1. your certificate (foo_com.crt)
> 2. a set of intermediary certificates (intermediate1.crt,
> intermediate2.crt)
> 3. the root certificate (root.crt)
>
> You will need to concatenate all the intermediaries starting from the last
> one into what's called a intermediary certificate chain:
>     cat intermediate2.crt intermediate1.crt > chain.crt
>
> The configuration of cowboy is then done using the `certfile` and `
> cacertfile` options, for example:
>   [
>     {certfile, "foo_com.crt"},
>     {cacertfile, "chain.crt"}
>   ]
>
> These options are specified in the documentation of the Erlang SSL app (
> http://erlang.org/doc/man/ssl.html)
>
> Hope this helps,
> Ali
>
>
> On Fri, Dec 30, 2016 at 11:24 AM Frank Muller <>
> wrote:
>
> Hi guys,
>
> I would like to configure my "Comodo PositiveSSL" certificates with
> Cowboy.
>
> So far the self-signed OpenSSL certificates I've generated worked as
> expected. But I've no idea how to configure the "Comodo" ones.
>
>
> Can someone point me to a tutorial please? Or help on the setup?
>
>
>
>
> Thanks in advance.
>
> N.B: Comodo provides explanations for Nginx, Apache, etc. But not Cowboy
> unfortunately :-(
>
> Happy new year !!!
> /Frank
>
>
>
> _______________________________________________
>
>
> erlang-questions mailing list
>
>
> 
>
>
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20161230/bc606f0a/attachment.html>


More information about the erlang-questions mailing list