[erlang-questions] ssl: Bad Certficate using file generated using mkcert.org

Benoit Chesneau bchesneau@REDACTED
Sun Apr 1 19:55:08 CEST 2018

I'm trying to connect to airbrake.io via ssl using the certificates
generated by the website mkcert: https://mkcert.org/ which get the
certificates from Mozilla but I get a "Bad certificat" error on latest
release of erlang:

9> ssl:connect("airbrake.io", 443, [{cacertfile, CaCertFile}, {verify,
verify_peer}, {depth, 99}]).

=INFO REPORT==== 1-Apr-2018::19:45:51 ===
TLS client: In state certify at ssl_handshake.erl:1271 generated CLIENT
ALERT: Fatal - Bad Certificate

{error,{tls_alert,"bad certificate"}}

where with google it worked:

10> ssl:connect("google.com", 443, [{cacertfile, CaCertFile}, {verify,
verify_peer}, {depth, 99}]).

It used to work with previous versions of Erlang, did something changed in
the validation in 20.x?

Also how can I check what is the exact issue in the certificate that cause
this error? According sslabs there are no issue in checking the certificate:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180401/8cc2665d/attachment.htm>

More information about the erlang-questions mailing list