Question

Cowboy: https://github.com/extend/cowboy

In the ssl example, three files are needed in ssl folder, they are cowboy-ca.crt, server.crt and server.key.

I am applying for a free ssl in startssl, and found there are only server.crt and server.key generated.

What is cowboy-ca.crt used for?

My question is that 'is cowboy-ca.crt needed for me'?

Thanks in advance

Was it helpful?

Solution

SSL is built on the principle of a chain of trust. The reason why you are using StartSSL (or any other certificate provider) is that you are asking them to sign your certificate and create such a chain of trust for you. If clients trust StartSSL they will trust your server's certificate.

Sometimes, clients do not have all the previous elements of the chain. This is the case in Cowboy example where clients probably do not know the sample root certificate, cowboy-ca.crt. For this reason, during SSL handshake, servers can send part of this chain. This does not create trust, unless clients aldready trusted the root or the prefix of the chain.

In your case, the chain actually contains three elements with an intermediate certificate. This is what you should use here as clients trust the root only and might not know the intermediate certificate. If you are using a free certificate from StartSSL, it is sub.class1.server.ca.pem. You can download it here.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top