How to set ca_bundle for ssl server

[EstebanSannin]

Hi,
I generated my ssl certificates on "Let's Encrypt" and now I have 3 files:
private.key (private key)
certificate.crt (certificate)
ca_bundle.crt (CA Bundle)

An example of configuration on Apache Web Server is like this:
SSLCertificateFile /path_to/certificate.crt
SSLCertificateKeyFile /path_to/private.key
SSLCACertificateFile /path_to/ca_bundle.crt

This is an example of my Turbo server:

TURBO_SSL = true

local app = turbo.web.Application:new({
   {"/hello", HelloNameHandler}
})
 -- Set the server to listen on port 443 and start the ioloop.
app:listen(443,nil,{
  ssl_options = {
    key_file = "./sslkeys/private.key",
    cert_file = "./sslkeys/certificate.crt"
}, max_body_size=1024*1024*500},{read_body=false})

turbo.ioloop.instance():start()

Can I configure my ca_bundle.crt for the ssl connection??
Because in the documentation and in the examples I have see only the key_file and cert_file

[kernelsauce]

You place the bundle together with your public cert. Just copy contents of bundle into certificate.crt. ons. 10. mai 2017 kl. 00.45 skrev Stefano Viola <[email protected]>:

Hi, I generated my ssl certificates on "Let's Encrypt" and now I have 3 files: private.key (private key) certificate.crt (certificate) ca_bundle.crt (CA Bundle) An example of configuration on Apache Web Server is like this: SSLCertificateFile /path_to/certificate.crt SSLCertificateKeyFile /path_to/private.key SSLCACertificateFile /path_to/ca_bundle.crt This is an example of my Turbo server: TURBO_SSL = true local app = turbo.web.Application:new({ {"/hello", HelloNameHandler} }) -- Set the server to listen on port 443 and start the ioloop. app:listen(443,nil,{ ssl_options = { key_file = "./sslkeys/private.key", cert_file = "./sslkeys/certificate.crt" }, max_body_size=1024*1024*500},{read_body=false}) turbo.ioloop.instance():start() Can I configure my ca_bundle.crt for the ssl connection?? Because in the documentation and in the examples I have see only the key_file and cert_file — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#310>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABCBmiUUY6daa5n8xVBKB1aeiVvXS81Iks5r4OyIgaJpZM4NV-YO> .

-- Mvh / Best regards John Abrahamsen Senior Software Developer / Security Specialist Tlf/Phone: (+47) 941 35 009 Maintainer and Author of http:https://turbolua.org

[EstebanSannin]

Ok, I tried to combine the two files crt and the Server start correctly, but if I try the ssl check online for example here: https://www.sslchecker.com/sslchecker
or more simply try to use curl, I receive "server certificate verification failed"

The same two file (private key and combined crt) inside nginx work perfectly...

[kernelsauce]

That is strange. I will have to do my own tests. But I did test this when I created the functionality...

[luastoned]

Might be related to #239

[kernelsauce]

Probably need to implement SSL_CTX_use_certificate_chain_file() usage.

[EstebanSannin]

Fixed in #311