Https example setup
Make sure you are using Erlang/OTP release R14B04 or later, as the SSL application in older OTP releases has a memory leak: http://erlang.2086793.n4.nabble.com/SSL-cache-delete-bug-td3614886.html
In some Linux distributions, Debian/Ubuntu included, SSL certificates are usually kept in /etc/ssl/, but otherwise you can keep them in your project folder:
mkdir ssl
cd ssl
Some CAs require 2048 bit keys, but you may of course select whatever length suits you.
openssl genrsa -out privkey.pem -des3 2048
openssl req -new -key privkey.pem -out certreq.csr
Here, you have the option of finding a provider to sign your certificate, or acting as your own Certificate Authority and signing your certificate yourself.
Have a look at Wikipedia's Comparison of SSL certificates for web servers for a quick overview. Free options include CACert.org or StartSSL.
- Generating a CA certificate:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
- Generating a self-signed certificate:
openssl x509 -req -days 3650 -in certreq.csr -signkey privkey.pem -out newcert.pem
Add this to the boss section of your boss.config:
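{ssl_enable, true},
{ssl_options, [
    {cacertfile, "ssl/cacert.pem"},
    {certfile, "ssl/newcert.pem"},
    {keyfile, "ssl/privkey.pem"},
    %% On a server, verify_peer requests a client certificate; with
    %% fail_if_no_peer_cert set to false, clients that send none are still accepted.
    {verify, verify_peer},
    {fail_if_no_peer_cert, false}
]},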
Edit boss_rebar.erl and change
-boot start_sasl -config boss -s reloader -s boss
to
-boot start_sasl -config boss -s reloader -s inets -s ssl -s boss
on line 136 for the regular (production) start and/or line 160 for the development start.
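
A pre-flight check for the files named in ssl_options, added here as an example and not part of the original wiki page: it confirms that certfile and keyfile belong together, that the certificate is not about to expire, and whether the key is passphrase-protected. The function names, the demo passphrase and the CN=localhost subject are constructed for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files named in ssl_options.
# Function names and demo values are assumptions made for this sketch.

# True if the key file is passphrase-protected (as produced by `genrsa -des3`).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# True if certfile ($1) and keyfile ($2) hold the same public key.
# $3 is an openssl -passin source; the empty default avoids an interactive prompt.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin "${3:-pass:}" 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Build a throwaway key/CSR/certificate in directory $1 with the page's commands,
# made non-interactive via -passout/-passin/-subj (constructed sample values).
make_demo_files() {
    openssl genrsa -out "$1/privkey.pem" -des3 -passout pass:demo-only 2048 2>/dev/null &&
    openssl req -new -key "$1/privkey.pem" -passin pass:demo-only \
        -subj "/CN=localhost" -out "$1/certreq.csr" &&
    openssl x509 -req -days 3650 -in "$1/certreq.csr" -signkey "$1/privkey.pem" \
        -passin pass:demo-only -out "$1/newcert.pem" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_files "$dir" || { rm -rf "$dir"; return 1; }
    key_is_encrypted "$dir/privkey.pem" && echo "key is passphrase-protected"
    pair_matches "$dir/newcert.pem" "$dir/privkey.pem" pass:demo-only &&
        echo "certificate matches key"
    valid_for_days "$dir/newcert.pem" 30 && echo "certificate valid for 30+ days"
    rm -rf "$dir"
}

demo
```

A key generated with -des3 is passphrase-protected, so whatever loads keyfile needs that passphrase (Erlang's ssl application takes it as the password option).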