<div dir="auto"><div>Try adding "digitalSignature" to the keyUsage field for the cert.<div dir="auto"><br></div>Luke</div><div dir="auto"><br><div class="gmail_quote" dir="auto"><div dir="ltr">On Sun, Apr 1, 2018, 10:55 AM Benoit Chesneau <<a href="mailto:bchesneau@gmail.com">bchesneau@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I'm trying to connect to <a href="http://airbrake.io" target="_blank" rel="noreferrer">airbrake.io</a> via ssl using the certificates generated by the website mkcert: <a href="https://mkcert.org/" target="_blank" rel="noreferrer">https://mkcert.org/</a> which get the certificates from Mozilla but I get a "Bad certificat" error on latest release of erlang:<br><br>9> ssl:connect("<a href="http://airbrake.io" target="_blank" rel="noreferrer">airbrake.io</a>", 443, [{cacertfile, CaCertFile}, {verify, verify_peer}, {depth, 99}]).<br><br>=INFO REPORT==== 1-Apr-2018::19:45:51 ===<br>TLS client: In state certify at ssl_handshake.erl:1271 generated CLIENT ALERT: Fatal - Bad Certificate<br><br>{error,{tls_alert,"bad certificate"}}<br><br><br></div><div>where with google it worked:<br><br>10> ssl:connect("<a href="http://google.com" target="_blank" rel="noreferrer">google.com</a>", 443, [{cacertfile, CaCertFile}, {verify, verify_peer}, {depth, 99}]). <br>{ok,{sslsocket,{gen_tcp,#Port<0.9355>,tls_connection,<br> undefined},<br> <0.224.0>}}<br><br><br><br></div><div>It used to work with previous versions of Erlang, did something changed in the validation in 20.x?<br><br></div><div>Also how can I check what is the exact issue in the certificate that cause this error? According sslabs there are no issue in checking the certificate:<br><br><a href="https://www.ssllabs.com/ssltest/analyze.html?d=airbrake.io" target="_blank" rel="noreferrer">https://www.ssllabs.com/ssltest/analyze.html?d=airbrake.io</a> <br><br><br></div></div>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank" rel="noreferrer">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer noreferrer" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</blockquote></div></div></div>