couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From max <maxima...@gmail.com>
Subject SSL on Windows
Date Thu, 04 Dec 2014 16:30:01 GMT
Hi,

I am currently using CouchDB 1.4.0 over HTTP/HTTPS protocle for a while and
it works great on my Ubuntu server!

However I am facing a problem after installing it on Windows. This error is
due to self signed SSL certificate (Tried on Windows 7,8 and server 2012 ).

I have created a certificate just like I did for Ubuntu Server by following
this:
https://couchdb.readthedocs.org/en/1.4.x/configuring.html#native-ssl-support

Then I edited my local.ini file and restart the window service.

Here is the problem, browsers do not ask me to continu despite a self
signed certificate but just close the connection. Only IE allows me to view
futon with an alert in url field.
Here are the results when I tested to get Futon with:

-Chrome: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED.

-Firefox: sec_error_invalid_key


-Curl:
curl -v https://localhost:6984
* STATE: INIT => CONNECT handle 0x8001f2e0; line 998 (connection #-5000)
* Rebuilt URL to: https://localhost:6984/
* About to connect() to localhost port 6984 (#0)
*   Trying ::1...
* Adding handle: conn: 0x80059c58
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* 0x8001f2e0 is at send pipe head!
* - Conn 0 (0x80059c58) send_pipe: 1, recv_pipe: 0
* STATE: CONNECT => WAITCONNECT handle 0x8001f2e0; line 1045 (connection #0)
* After 149995ms connect time, move on!
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 6984 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/ssl/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* STATE: WAITCONNECT => PROTOCONNECT handle 0x8001f2e0; line 1158
(connection #0)
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* Closing connection 0
* The cache now contains 0 members
* Expire cleared
curl: (60) SSL certificate problem: self signed certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.


I tried many ways to create the certificate such as openSSL on an Ubuntu
VM, online self signed certificate generator, cygwin for Windows but I am
always facing the same error.
Any hit would welcome, thanks in advance !

Max

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message