[erlang-questions] ssl: Bad Certificate using file generated using mkcert.org

Luke Bakken luke@REDACTED
Sun Apr 1 21:23:04 CEST 2018


Oh, never mind, I thought you were responsible for the airbrake.io cert.

I have seen the same behavior you report when using different CA
certificate bundles. Using the default OS X bundle usually works,
while recent Mozilla CA bundles don't. I did a bunch of diagnosis but
never came to a definitive conclusion. I'll re-visit what I did and
will see if I can figure out what exactly works and what doesn't.

Luke

On Sun, Apr 1, 2018 at 12:13 PM, Benoit Chesneau <bchesneau@REDACTED> wrote:
> Hrm, not sure I understand. You mean to the cacerts file or to the cert of
> airbrake? I'm not responsible for the last one.
>
> Benoît
>
>
> On Sunday, April 1, 2018, Luke Bakken <luke@REDACTED> wrote:
>>
>> Try adding "digitalSignature" to the keyUsage field for the cert.
>>
>> Luke
>>
>> On Sun, Apr 1, 2018, 10:55 AM Benoit Chesneau <bchesneau@REDACTED> wrote:
>>>
>>> I'm trying to connect to airbrake.io via ssl using the certificates
>>> generated by the website mkcert: https://mkcert.org/ which gets the
>>> certificates from Mozilla, but I get a "Bad certificate" error on the latest
>>> release of Erlang:
>>>
>>> 9> ssl:connect("airbrake.io", 443, [{cacertfile, CaCertFile}, {verify,
>>> verify_peer}, {depth, 99}]).
>>>
>>> =INFO REPORT==== 1-Apr-2018::19:45:51 ===
>>> TLS client: In state certify at ssl_handshake.erl:1271 generated CLIENT
>>> ALERT: Fatal - Bad Certificate
>>>
>>> {error,{tls_alert,"bad certificate"}}
>>>
>>>
>>> whereas with Google it worked:
>>>
>>> 10> ssl:connect("google.com", 443, [{cacertfile, CaCertFile}, {verify,
>>> verify_peer}, {depth, 99}]).
>>> {ok,{sslsocket,{gen_tcp,#Port<0.9355>,tls_connection,
>>>                         undefined},
>>>                <0.224.0>}}
>>>
>>>
>>>
>>> It used to work with previous versions of Erlang; did something change
>>> in the validation in 20.x?
>>>
>>> Also, how can I check what the exact issue in the certificate is that
>>> causes this error? According to ssllabs, there are no issues in checking the
>>> certificate:
>>>
>>> https://www.ssllabs.com/ssltest/analyze.html?d=airbrake.io
>>>
>>>
>
>
>
> --
> Sent from my Mobile
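
One way to see which certificate in the chain is rejected and for what reason, as asked in the thread. This is an added example, not code from any of the posters; the module name `tls_diag` and its function names are hypothetical, while the `verify_fun` option of `ssl` and the `public_key` records are OTP's own. The callback takes the same accept/reject decisions as the default `verify_peer` behaviour and only adds logging.

```erlang
-module(tls_diag).
-export([connect/3, verify_fun/0]).

%% Record definitions for decoded certificates ('OTPCertificate' etc.).
-include_lib("public_key/include/public_key.hrl").

%% Connect with the same options used in the thread, plus a verify_fun
%% that prints every certificate the path validation visits.
connect(Host, Port, CaCertFile) ->
    {ok, _} = application:ensure_all_started(ssl),
    Opts = [{cacertfile, CaCertFile},
            {verify, verify_peer},
            {depth, 99},
            {verify_fun, verify_fun()}],
    ssl:connect(Host, Port, Opts, 10000).

%% {Fun, InitialUserState} as expected by the verify_fun option.
verify_fun() ->
    {fun verify/3, []}.

%% Validation failed on this certificate: log the reason and keep failing.
%% Returning {fail, Reason} preserves the verify_peer outcome.
verify(Cert, {bad_cert, Reason}, _State) ->
    io:format("REJECTED: ~p~n  subject: ~p~n", [Reason, subject(Cert)]),
    {fail, Reason};
%% Extension not understood by the application: defer to the default
%% handling (a critical unknown extension still fails validation).
verify(_Cert, {extension, _Ext}, State) ->
    {unknown, State};
%% Intermediate or root CA certificate passed validation.
verify(Cert, valid, State) ->
    io:format("ok (CA):   ~p~n", [subject(Cert)]),
    {valid, State};
%% Peer (leaf) certificate passed validation.
verify(Cert, valid_peer, State) ->
    io:format("ok (peer): ~p~n", [subject(Cert)]),
    {valid, State}.

%% Extract the subject name from a decoded certificate.
subject(#'OTPCertificate'{tbsCertificate = TBS}) ->
    TBS#'OTPTBSCertificate'.subject.
```

Calling `tls_diag:connect("airbrake.io", 443, CaCertFile)` from the shell prints the reason atom or tuple passed to the callback before the handshake returns the alert, which makes it possible to compare the result across different CA bundles.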
