TLS error in dev (with self-signed certificates)

Hello everyone,

I am trying to authenticate users from a Windows 2016 ADFS into my Phoenix application.

It is a bit creepy to configure, and hard to debug.

Currently, I can reach the ADFS login page from Phoenix using Samly. It almost works, and yet it does not.

I have set up HTTPS, with a self-signed certificate for dev.

Those are the logs I get in the console.

[info] TLS :server: In state :hello at tls_handshake.erl:364 generated SERVER ALERT: Fatal - Protocol Version
[info] TLS :server: In state :certify received CLIENT ALERT: Fatal - Certificate Unknown

It works with proper certificates, and it works in prod. But I cannot make it work in dev, with self-signed certificates.

Is there a possibility to communicate with Windows 2016 using TLS 1.2? Is there something I am missing in the process?

I know it’s very specific, but if anybody has done similar interaction with Windows I’ll be glad to have some hints.

Thanks for taking the time

2 Likes

Maybe the TLS god @voltone can help? :100:

1 Like

This might be a problem with Erlang’s TLS implementation rejecting self-signed certificates by default.

See here how to fix it: Allowing TLS connection of clients with self-signed certificates

5 Likes

Thank you for the response, I am going to see if this solves my problem.

At least the second error is about the client browser sending an alert… which has nothing to do with Phoenix, nor Windows :slight_smile:

1 Like
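
Added example, not part of any post in this thread: a small Python triage helper for the two Erlang `ssl` alert lines quoted in the question. It reports which peer raised each alert and what that alert means in TLS 1.2. The function name, the hint wording and the third sample line are constructed for illustration.

```python
import re

# Shape of the alert lines quoted in the thread; the "at file:line" part is optional.
ALERT_RE = re.compile(
    r"TLS :(?P<role>\w+): In state :(?P<state>\w+)"
    r"(?: at (?P<where>\S+))?"
    r" (?P<verb>generated|received) (?P<origin>SERVER|CLIENT) ALERT: "
    r"(?P<level>\w+) - (?P<desc>.+)$"
)

# Hints for the two alerts seen in the thread (wording is this example's own).
HINTS = {
    "protocol version": "the peer raising the alert does not support the TLS "
                        "version the other side offered; compare enabled versions",
    "certificate unknown": "the peer raising the alert did not accept the certificate "
                           "it was shown; check that peer's trust store",
}

def triage(line):
    """Return a dict describing one TLS alert log line, or None if it is not one."""
    m = ALERT_RE.search(line.strip())
    if m is None:
        return None
    desc = m["desc"].strip()
    return {
        "raised_by": m["origin"].lower(),   # who sent the alert
        "local_role": m["role"],            # role of the logging endpoint
        "state": m["state"],                # handshake state when it happened
        "level": m["level"].lower(),
        "alert": desc,
        "hint": HINTS.get(desc.lower(), "no hint for this alert"),
    }

SAMPLE_LOG = [
    # The two lines from the question, then one constructed non-TLS line.
    "[info] TLS :server: In state :hello at tls_handshake.erl:364 "
    "generated SERVER ALERT: Fatal - Protocol Version",
    "[info] TLS :server: In state :certify received CLIENT ALERT: "
    "Fatal - Certificate Unknown",
    "[info] GET /sso/auth/signin/adfs",
]

if __name__ == "__main__":
    for entry in filter(None, map(triage, SAMPLE_LOG)):
        print(f"{entry['raised_by']:6} in :{entry['state']:8} "
              f"{entry['alert']}: {entry['hint']}")
```
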