JimMarshall35
Fallen at the first hurdle: [notice] TLS :client: In state :certify at ssl_handshake.erl:2082 generated CLIENT ALERT: Fatal - Unknown CA
Hello guys and gals.
I’m a developer who’s interested in giving elixir a try, primarily to learn a bit of functional programming and because I like some of the unique things I’ve heard about this language and the BEAM virtual machine.
I decided yesterday after work I would download it, get phoenix (which seems to be a popular and easy to pick up web framework) and make a hello world app that served me some basic page on the local host.
Unfortunately though I seem to have “Fallen at the first hurdle”. I did this:
-
I used Mix to create a new project
-
added this to list returned by the deps function the mix.exs file:
{:phx_new, “~> 1.6”} -
ran “mix compile” from the command line which prompted me to run “mix deps.get” - so I did
-This didn’t work! I got this error:
[notice] TLS :client: In state :certify at ssl_handshake.erl:2082 generated CLIENT ALERT: Fatal - Unknown CA
Am I doing something wrong? Am I going about trying to add the package in the right way? I just don’t know. I’ve obviously googled it and other people have reported that error under different circumstances.
Assuming I’ve done the right thing to try and add the package, Is there anything I can do to fix my problem?
Thanks everyone,
Jim
Marked As Solved
voltone
You could just set HEX_UNSAFE_HTTPS=1 when running Mix commands, which disables server certificate verification for Hex server endpoints. When fetching public data from Hex (as opposed to publishing packages or accessing other authenticated endpoints) this should be safe, as package checksums are verified against the signed Hex registry metadata. But I still wouldn’t do this without first understanding why normal HTTPS does not work…
Also Liked
voltone
Could it be your PC accesses the internet through some corporate outbound firewall that intercepts HTTPS traffic, by injecting itself in the TLS handshake and presenting a certificate signed by a corporate CA that exists in your OS CA trust store but not in the CA trust store used by Hex?
Assuming you have the openssl CLI tool available, what does openssl s_client -connect repo.hex.pm:443 -servername repo.hex.pm show you under “Certificate chain”? Alternatively, if you open https://repo.hex.pm in a browser and you inspect the server’s certificate, what issuer(s) do you see?
kokolegorille
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #elixirconf-us
- #advent-of-code
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #hex









