[erlang-questions] Comodo PositiveSSL certificates with Cowboy 1.x

Frank Muller frank.muller.erl@REDACTED
Fri Dec 30 16:05:17 CET 2016


Hi again Ali

It worked ;-)

Here’s what ‘I’ve done:

1. Concatenate them by reversing the lexicographical order:
$ cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt > cacert.pem

2. cp STAR_company_com.crt cert.pem

3. cp company.key key.pem

Then, cowboy was happy with these settings:
[ {cacertfile, "cacert.pem »},
 {certfile, "cert.pem »},
 {keyfile, "key.pem"} ]

And now, « curl » isn’t complaining anymore ;-)

Thank you. You made my day.
/Frank

Le ven. 30 déc. 2016 à 15:58, Ali Sabil <ali.sabil@REDACTED> a écrit :

> On Fri, Dec 30, 2016 at 3:46 PM Frank Muller <frank.muller.erl@REDACTED>
> wrote:
>
> Hi Ali,
>
> This what’s included in the Zip:
>
> AddTrustExternalCARoot.crt
> COMODORSAAddTrustCA.crt
> COMODORSADomainValidationSecureServerCA.crt
> STAR_company_com.crt
> company.key
>
> > 1. your certificate (foo_com.crt)
>
> So STAR_company_com.crt is my certificate.
>
>
> Yes, exactly
>
>
>
> > 2. a set of intermediary certificates (intermediate1.crt,
> intermediate2.crt)
>
> How do i know which one is the latest ... to build the intermediary
> certificate chain in this case?
> They're not numbered.
>
>
> For Comodo, `AddTrustExternalCARoor.crt` is the root certificate,
> followed by `COMODORSAAddTrustCA.crt` and then `
> COMODORSADomainValidationSecureServerCA.crt`
>
> so your chain will be:
>   cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt
> > chain.crt
>
>
>
>
> > 3. the root certificate (root.crt)
>
> What this one is useful for?
>
>
> The root certificate (AddTrustExternalCARoor.crt in your case) is useful
> for things like OCSP stapling as far as I know, which I don't think is
> implemented in Erlang SSL.
>
> If I am not mistaken, the Erlang SSL configuration is very similar to
> Apache.
>
>
>
> Thank you.
>
> /Frank
>
> Le ven. 30 déc. 2016 à 13:03, Ali Sabil <ali.sabil@REDACTED> a écrit :
>
> Hi Frank,
>
> I don't remember the exact details, but you should have received a zip
> file with a set of certificates. This zip file should contain
> 1. your certificate (foo_com.crt)
> 2. a set of intermediary certificates (intermediate1.crt,
> intermediate2.crt)
> 3. the root certificate (root.crt)
>
> You will need to concatenate all the intermediaries starting from the last
> one into what's called a intermediary certificate chain:
>     cat intermediate2.crt intermediate1.crt > chain.crt
>
> The configuration of cowboy is then done using the `certfile` and `
> cacertfile` options, for example:
>   [
>     {certfile, "foo_com.crt"},
>     {cacertfile, "chain.crt"}
>   ]
>
> These options are specified in the documentation of the Erlang SSL app (
> http://erlang.org/doc/man/ssl.html)
>
> Hope this helps,
> Ali
>
>
> On Fri, Dec 30, 2016 at 11:24 AM Frank Muller <frank.muller.erl@REDACTED>
> wrote:
>
> Hi guys,
>
> I would like to configure my "Comodo PositiveSSL" certificates with
> Cowboy.
>
> So far the self-signed OpenSSL certificates I've generated worked as
> expected. But I've no idea how to configure the "Comodo" ones.
>
>
> Can someone point me to a tutorial please? Or help on the setup?
>
>
>
>
> Thanks in advance.
>
> N.B: Comodo provides explanations for Nginx, Apache, etc. But not Cowboy
> unfortunately :-(
>
> Happy new year !!!
> /Frank
>
>
>
> _______________________________________________
>
>
> erlang-questions mailing list
>
>
> erlang-questions@REDACTED
>
>
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20161230/c9b03de1/attachment.htm>


More information about the erlang-questions mailing list