Hi! My self-signed certificate is rejected by browsers and curl.
The problem:
On curl I get the error: curl: (52) Empty reply from server from curl.
Firefox warns me that the certificate is self-signed, I click to continue and it never gets a response. Chromium gives similar results.
On the terminal I sometimes get:
[info] ['TLS', 32, 'server', 58, 32, 73, 110, 32, 115, 116, 97, 116, 101, 32, 'abbreviated', 32, 'received CLIENT ALERT: Fatal - Certificate Unknown', 10]
What does work:
Everything works fine with plain http. When using the cowboy interface directly the results are the same, plain http works, https doesn’t. I was able to successfully set up self-signed certificates with Nginx, they were not the ones generated by mix x509.gen.selfsigned (see below) but they also did not work with plug_cowboy or cowboy.
I think the problem might be that I’m not passing a cacertfile parameter (for a self-signed certificate authority that signs my certificate), but I don’t know how to generate that.
The setup:
All on a single machine, with a fresh mix project created only for this.
I generated a self-signed certificate with: mix x509.gen.selfsigned, it was put in the default location: priv/cert/. It appears that the default hostname it uses is localhost but I tried passing a specific name too, only to get the same result.
I’m on Debian 10 amd64;
Erlang/OTP 21 [erts-10.2.4] [source] [64-bit] [smp:12:12] [ds:12:12:10] [async-threads:1]
Interactive Elixir (1.7.4) - press Ctrl+C to exit (type h() ENTER for help)
My plug is in lib/https_tests.ex:

    defmodule HttpsTests do
      import Plug.Conn

      def init(options) do
        # initialize options
        options
      end

      def call(conn, _opts) do
        conn
        |> put_resp_content_type("text/plain")
        |> send_resp(200, "Hello world")
      end
    end

My lib/https_tests/application.ex:

    defmodule HttpsTests.Application do
      # See https://hexdocs.pm/elixir/Application.html
      # for more information on OTP Applications
      @moduledoc false

      use Application

      def start(_type, _args) do
        # List all child processes to be supervised
        children = [
          {Plug.Cowboy, scheme: :https, plug: HttpsTests,
           options: [
             port: 4001,
             cipher_suite: :strong,
             certfile: "priv/cert/selfsigned.pem",
             keyfile: "priv/cert/selfsigned_key.pem",
             otp_app: :https_tests
           ]}
        ]

        # See https://hexdocs.pm/elixir/Supervisor.html
        # for other strategies and supported options
        opts = [strategy: :one_for_one, name: HttpsTests.Supervisor]
        Supervisor.start_link(children, opts)
      end
    end

Thanks!
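
On the cacertfile question in the post above: one way to generate a local certificate authority and a localhost certificate signed by it with the openssl CLI. This is an added example, not part of the original post; the file names, subject names and 30-day lifetime are assumptions, and it does not establish that a missing CA is what causes the empty reply.

```shell
#!/bin/sh
# Added example (not from the post): throwaway dev CA plus a localhost
# server certificate signed by it. File and subject names are assumptions.

make_dev_pki() {   # $1 = output directory
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/openssl.cnf" <<'EOF' || return 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
subjectAltName = DNS:localhost,IP:127.0.0.1
extendedKeyUsage = serverAuth
EOF
    # 1. CA key and self-signed CA certificate (the file a client must trust).
    openssl req -x509 -config "$dir/openssl.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=Example Dev CA" \
        -keyout "$dir/ca_key.pem" -out "$dir/ca.pem" || return 1
    # 2. Server key and CSR; clients match the hostname against the SAN.
    openssl req -new -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=localhost" \
        -keyout "$dir/server_key.pem" -out "$dir/server.csr" || return 1
    # 3. Sign the CSR with the CA, adding the server extensions.
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca_key.pem" -CAcreateserial \
        -extfile "$dir/openssl.cnf" -extensions v3_server \
        -out "$dir/server.pem" || return 1
    # Private keys readable by the owner only.
    chmod 600 "$dir/ca_key.pem" "$dir/server_key.pem"
}

# Succeeds only if the certificate ($2) chains to the CA certificate ($1).
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run in a temporary directory.
out=$(mktemp -d) && make_dev_pki "$out" \
    && verify_chain "$out/ca.pem" "$out/server.pem" \
    && echo "chain OK, files in $out"
```

Here ca.pem is the file a client has to trust (for example curl --cacert ca.pem, or a browser's authority import) and the one a cacertfile option would point at; server.pem and server_key.pem take the place of the certfile and keyfile values.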