[erlang-questions] SSL: "unknown ca"

Fri Jan 30 19:25:58 CET 2015

Hi, all.

SSL: certify: ssl_alert.erl:92:Fatal error: unknown ca

I know this issue generates thousands of "hits" in google-search
yet google does not reveal a consistent explanation (not a recipe!)

first of all: Unknown TO WHOM???
secondly: What CA will be considered known?

what properties of CA are required?
may we assume that "CA" and "a certificate file" are synonyms in the 
current context? otherwise, what is CA and how is it represented?

and last but not least: Might be this error induced by some lower-level 
reason, unrelated to "CA familiarity", for example unacceptable 
certificate format?

My config is:
{cacertfile, Dir ++ "ca.crt"}	% self-signed
{certfile, Dir ++ "server.crt"} % signed by ca.crt
{keyfile, Dir ++ "server.key"}
% no other options are explicitly specified

where files are produced by the following procedure:

openssl genrsa -des3 -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
cp ca.key ca.key.orig
openssl rsa -in ca.key.orig -out ca.key
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey ca.key -out server.crt
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key

More information about the erlang-questions mailing list