简体繁体 English

Erlang Cowboy SSL示例

[英]Erlang Cowboy SSL Example

原文 2013-10-15 02:04:46 6 1 ssl/ erlang/ ssl-certificate/ cowboy

Cowboy: https://github.com/extend/cowboy 牛仔： https ： //github.com/extend/cowboy

In the ssl example, three files are needed in ssl folder, they are cowboy-ca.crt, server.crt and server.key. 在ssl示例中，ssl文件夹中需要三个文件，它们是cowboy-ca.crt，server.crt和server.key。

I am applying for a free ssl in startssl, and found there are only server.crt and server.key generated. 我在startssl中申请了一个免费的ssl，发现只生成了server.crt和server.key。

What is cowboy-ca.crt used for? cowboy-ca.crt用于什么？

My question is that 'is cowboy-ca.crt needed for me'? 我的问题是“我需要牛仔卡？”

Thanks in advance 提前致谢

1 个解决方案

SSL is built on the principle of a chain of trust . SSL建立在信任链的原则之上。 The reason why you are using StartSSL (or any other certificate provider) is that you are asking them to sign your certificate and create such a chain of trust for you. 您使用StartSSL（或任何其他证书提供商）的原因是您要求他们签署您的证书并为您创建这样的信任链。 If clients trust StartSSL they will trust your server's certificate. 如果客户信任StartSSL，他们将信任您的服务器证书。

Sometimes, clients do not have all the previous elements of the chain. 有时，客户端没有链中的所有先前元素。 This is the case in Cowboy example where clients probably do not know the sample root certificate, cowboy-ca.crt . 在牛仔示例中就是这种情况，客户可能不知道样本根证书cowboy-ca.crt 。 For this reason, during SSL handshake, servers can send part of this chain. 因此，在SSL握手期间，服务器可以发送此链的一部分。 This does not create trust, unless clients aldready trusted the root or the prefix of the chain. 除非客户端已经信任链的根或前缀，否则这不会产生信任。

In your case, the chain actually contains three elements with an intermediate certificate . 在您的情况下，链实际上包含三个带有中间证书的元素。 This is what you should use here as clients trust the root only and might not know the intermediate certificate. 这是你应该在这里使用的，因为客户只信任root，可能不知道中间证书。 If you are using a free certificate from StartSSL, it is sub.class1.server.ca.pem . 如果您使用的是StartSSL的免费证书，则为sub.class1.server.ca.pem 。 You can download it here . 你可以在这里下载。