Return-Path: 
 <user-return-22262-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 61563DF58
	for <apmail-couchdb-user-archive@www.apache.org>;
 Wed, 26 Sep 2012 10:07:38 +0000 (UTC)
Received: (qmail 77172 invoked by uid 500); 26 Sep 2012 10:07:36 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 77034 invoked by uid 500); 26 Sep 2012 10:07:35 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 76776 invoked by uid 99); 26 Sep 2012 10:07:34 -0000
Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Sep 2012 10:07:34 +0000
Received: from localhost (HELO mail-vb0-f52.google.com) (127.0.0.1)
  (smtp-auth username rnewson, mechanism plain)
  by minotaur.apache.org (qpsmtpd/0.29) with ESMTP;
 Wed, 26 Sep 2012 10:07:33 +0000
Received: by vbjk17 with SMTP id k17so389185vbj.11
        for <user@couchdb.apache.org>; Wed, 26 Sep 2012 03:07:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.149.142 with SMTP id t14mr8214756vcv.46.1348654052670;
 Wed, 26 Sep 2012 03:07:32 -0700 (PDT)
Received: by 10.52.90.69 with HTTP; Wed, 26 Sep 2012 03:07:32 -0700 (PDT)
In-Reply-To: 
 <CAJNb-9rWDELw1Cc1esEfksCSRLNPioS1Xb=xSF_dAOeT6w_ecA@mail.gmail.com>
References: <loom.20120926T042225-450@post.gmane.org>
	<CAJNb-9rWDELw1Cc1esEfksCSRLNPioS1Xb=xSF_dAOeT6w_ecA@mail.gmail.com>
Date: Wed, 26 Sep 2012 11:07:32 +0100
Message-ID: 
 <CABvT1DGwra4r51w+anyBzfBdd5Tt=97pPT-xH1Q1p2PMjveH8w@mail.gmail.com>
Subject: Re: SSL problems
From: Robert Newson <rnewson@apache.org>
To: user@couchdb.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

To be honest, I would recommend using stunnel in front of CouchDB
instead of the built-in erlang SSL module.

B.

On 26 September 2012 08:25, Benoit Chesneau <bchesneau@gmail.com> wrote:
> On Wed, Sep 26, 2012 at 5:20 AM, Bill <bill.foshay@noteandgo.com> wrote:
>> I'm using CouchDB 1.1 and running into an issue configuring it for SSL. =
I have
>> a certificate from GoDaddy that I'm trying to use. I put the cert, two
>> intermediate GoDaddy certs, and the GoDaddy root cert in a poem file. I
>> specified the path to that file in the "cert_file" entry in the couchdb =
config. I
>> also set up the "key_file" entry to point to my key file. However, after
>> restarting couchdb, ssl is  unable to connect. When I try
>>
>> curl -v https://myserver:6984/
>>
>> I get the following message
>>
>> * About to connect() to myserver port 6984 (#0)
>> * Trying myserer... connected
>> * Connected to myserver (myserver) port 6984 (#0)
>> * Initializing NSS with certpath: /etc/pki/nssdb
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>>  CAPath: none
>> * NSS error -5938
>> Closing connection #0
>> * SSL connect error
>>
>> It's able to connect without SSL just fine. Does anyone have any idea wh=
at I'm
>> doing wrong or tips to get this working?
>>
>> Thanks,
>> Bill
>>
>
> How did you configured it? also did you concat the bundle with the cert?
>
> - beno=EEt