SSL


Seann Aswell

Mar 15, 2024, 5:41:55 AM
to Zotonic developers
Question about using the SSL CA module...

I have been using Zotonic behind HAProxy, and would like to use it directly, but there is an issue with newer certificates issued by Let's Encrypt.

According to the Erlang SSL man page, it appears EC keys are now supported. However, when placing all of the certs and keys into the site/priv/security/ca directory, each time a connection to Zotonic is made self-signed keys are generated, which seems to indicate Zotonic doesn't like the EC keys.

The mod_ssl_ca page suggests that only PKCS#1 & 8 are supported, but it appears that Erlang now supports EC keys. Is it possible Zotonic could support new EC keys?

FYI: header for EC keys
-----BEGIN EC PRIVATE KEY-----
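
The post above contrasts the `EC PRIVATE KEY` header with the PKCS#1 and PKCS#8 formats. The following is an added example (not code from the thread or from Zotonic) that reports which container each PEM block in a key file uses and, for PKCS#8, which key algorithm is inside, since the `PRIVATE KEY` label alone does not say. All function names are hypothetical, and `sample_pkcs8` builds a constructed skeleton with no real key material.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
LABELS = {  # PEM label -> container format
    "RSA PRIVATE KEY": "PKCS#1",
    "PRIVATE KEY": "PKCS#8",
    "EC PRIVATE KEY": "SEC1 EC key",
}
ALG_OIDS = {  # DER-encoded algorithm OIDs inside a PKCS#8 PrivateKeyInfo
    bytes.fromhex("2a864886f70d010101"): "RSA",  # rsaEncryption
    bytes.fromhex("2a8648ce3d0201"): "EC",       # id-ecPublicKey
}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def pkcs8_algorithm(der):
    """Key algorithm of an unencrypted PKCS#8 blob."""
    _, seq_start, _ = _tlv(der, 0)          # outer SEQUENCE
    _, _, ver_end = _tlv(der, seq_start)    # version INTEGER
    _, alg_start, _ = _tlv(der, ver_end)    # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = _tlv(der, alg_start)
    return ALG_OIDS.get(der[oid_start:oid_end], "other") if tag == 0x06 else "other"

def classify(pem_text):
    """Return [(label, description)] for every PEM block in pem_text."""
    found = []
    for label, body in PEM_RE.findall(pem_text):
        desc = LABELS.get(label, "unrecognised label")
        if label == "PRIVATE KEY":
            desc += ", " + pkcs8_algorithm(base64.b64decode(body))
        found.append((label, desc))
    return found

def sample_pkcs8(oid):
    """Constructed PKCS#8 skeleton (no real key material) for trying classify()."""
    alg = b"\x06" + bytes([len(oid)]) + oid
    body = b"\x02\x01\x00\x30" + bytes([len(alg)]) + alg + b"\x04\x01\x00"
    der = base64.b64encode(b"\x30" + bytes([len(body)]) + body).decode()
    return f"-----BEGIN PRIVATE KEY-----\n{der}\n-----END PRIVATE KEY-----\n"
```

Calling `classify()` on the text of each key file shows whether a key is a SEC1 `EC PRIVATE KEY` block or an EC key wrapped in PKCS#8.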

Marc Worrell

Apr 23, 2024, 6:39:52 AM
to 'Marc Worrell' via Zotonic developers
We are using the library:

https://github.com/zotonic/zotonic_ssl

For the SSL certificate inspection.
Could you file an issue there?

If you want to use Let’s Encrypt with Zotonic 1.x (master), then you can also just enable mod_ssl_letsencrypt.
It will handle requesting certificates and also extending them before they expire.

Cheers,

Marc




Seann Aswell

Apr 28, 2024, 3:21:26 PM
to Zotonic developers

Currently using Zotonic behind HAProxy, as there are some non-Zotonic sites and redirects that it handles, so it is also handling SSL termination. However, for some commercial Zotonic users, updating zotonic_ssl could be helpful, so I filed an issue...

Seann