Good morning family I have a doubt about the following case:
I have a certificate mounted in a cowboy server ({:plug_cowboy, “~> 2.0”}), the certificate is still valid ( will be expired in two months), but the server throws an error saying :
[notice] [2023-04-12] [16:03:09.853] TLS :server: In state :certify at ssl_handshake.erl:2015 generated SERVER ALERT: Fatal - Certificate Expired
Maybe this has happened to someone before, I have been looking on the internet about the error, but I have not found anything useful yet.
any suggestion?
Thank you very much, the time machine is correct, but I am not sure about the priv directory. let me check it.
A server does not verify the expiry of its own certificate during the handshake, it must be checking the client’s certificate. Did you enable peer certificate verification on the server, and are you connecting with a client that has a client certificate? In that case please check the validity of the client’s certificate.
2 Likes
{Plug.Cowboy,
scheme: :https,
plug: plug,
options: [
port: AppConfig.get_port(),
cipher_suite: :strong,
password: passphrase,
certfile:"/app/rel/elixir_pryect/priv/certs/certificate_file.corp.cert",
keyfile: "/app/rel/elixir_pryect/priv/certs/ privatekey1.key",
verify: :verify_peer,
fail_if_no_peer_cert: true,
cacertfile: castore_path
]}
this is my plug configuration, verify: :verify_peer is enabled. I realized that the server time is ahead by 5 hours. but the date is ok.
are you connecting with a client that has a client certificate?
yes of course I provided the public certificate and the expired date is in 5/26/2023
as is shown in the following image:
I realized that the private_key and the cert_file are written in runtime.
the relative path “/app/rel/elixir_pryect/priv/certs/ privatekey1.key” are created in runtime.
Maybe could be that?
using this code:
def write_secret_key_to_file(secret_path, key, destination_path, content_of_private_key) do
File.mkdir_p(Path.dirname(destination_path)),
File.write(destination_path, to_string(content_of_private_key)) do
Logger.debug("secret key #{key} written successfully")
end
destination_path = "/app/rel/elixir_pryect/priv/certs/ privatekey1.key"
content_of_private_key = "-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----"
is possible that in runtime a file cannot be created?
In the end, I tested the production certificate file in the test environment and it showed that the certificate file really was expired.
So thank you for your suggestions, they were very helpful to me.
Hi, Family I have updated the certificate but I have the same issue.
I do not know what else to do.