[erlang-questions] ssl: Bad Certficate using file generated using mkcert.org
Luke Bakken
luke@REDACTED
Sun Apr 1 21:07:00 CEST 2018
Try adding "digitalSignature" to the keyUsage field for the cert.
Luke
On Sun, Apr 1, 2018, 10:55 AM Benoit Chesneau <bchesneau@REDACTED> wrote:
> I'm trying to connect to airbrake.io via ssl using the certificates
> generated by the website mkcert: https://mkcert.org/ which get the
> certificates from Mozilla but I get a "Bad certificat" error on latest
> release of erlang:
>
> 9> ssl:connect("airbrake.io", 443, [{cacertfile, CaCertFile}, {verify,
> verify_peer}, {depth, 99}]).
>
> =INFO REPORT==== 1-Apr-2018::19:45:51 ===
> TLS client: In state certify at ssl_handshake.erl:1271 generated CLIENT
> ALERT: Fatal - Bad Certificate
>
> {error,{tls_alert,"bad certificate"}}
>
>
> where with google it worked:
>
> 10> ssl:connect("google.com", 443, [{cacertfile, CaCertFile}, {verify,
> verify_peer}, {depth, 99}]).
> {ok,{sslsocket,{gen_tcp,#Port<0.9355>,tls_connection,
> undefined},
> <0.224.0>}}
>
>
>
> It used to work with previous versions of Erlang, did something changed in
> the validation in 20.x?
>
> Also how can I check what is the exact issue in the certificate that cause
> this error? According sslabs there are no issue in checking the certificate:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=airbrake.io
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180401/4e2ae0a2/attachment.htm>
More information about the erlang-questions
mailing list