couchdb-user mailing list archives

From Nick North <nort...@gmail.com>
Subject Re: SSL on Windows
Date Thu, 04 Dec 2014 20:43:41 GMT
I'm not sure about the OpenSSL question, but you can create IIS SSL
certificates of arbitrary duration using Microsoft's SelfSSL utility. You
can find out more about it at the bottom of this page
<http://blogs.iis.net/thomad/archive/2010/04/16/setting-up-ssl-made-easy.aspx>.
Disclaimer: I haven't tried this myself, but it should work fine.

Nick

On 4 December 2014 at 17:19, max <maxima078@gmail.com> wrote:

> Thank you for your quick response.
> It seems my question was not really clear, I am sorry. On Ubuntu everything
> is OK; my problem is on Windows 7 and Windows Server 2012. I just figured
> out that creating my SSL certificate from a Windows machine through IIS
> gave me back a .pfx file. Then I turned this file into cert and key files
> with openssl and tried those files.
> Guess what, it worked!
> What does it mean? An SSL certificate created from OpenSSL cannot be used
> in Windows? But how do SSL authorities manage that problem?
>
> Well, this is a start, but now I cannot modify the duration of my certificate
> when I create it from IIS. Does anyone know how to do that?
>
> Thank you again!
>
>
> 2014-12-04 18:02 GMT+01:00 Paul Okstad <pokstad@gmail.com>:
>
> > Max, I brought up this same issue in this email list a few weeks back (I
> > will forward you the thread). What I found was that the SSL package used
> > by CouchDB is broken in Ubuntu 14.04. When I installed CouchDB on 14.10
> > the problem was fixed. My case was with a CA signed cert, but maybe the
> > same is true for your self signed ones.
> >
> > --
> > Paul Okstad
> >
> >
> >
> > > On Dec 4, 2014, at 8:30 AM, max <maxima078@gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > I am currently using CouchDB 1.4.0 over HTTP/HTTPS protocol for a while
> > > and it works great on my Ubuntu server!
> > >
> > > However I am facing a problem after installing it on Windows. This
> > > error is due to a self-signed SSL certificate (tried on Windows 7, 8
> > > and Server 2012).
> > >
> > > I have created a certificate just like I did for Ubuntu Server by
> > > following this:
> > >
> > > https://couchdb.readthedocs.org/en/1.4.x/configuring.html#native-ssl-support
> > >
> > > Then I edited my local.ini file and restarted the Windows service.
> > >
> > > Here is the problem: browsers do not ask me to continue despite a
> > > self-signed certificate but just close the connection. Only IE allows
> > > me to view Futon with an alert in the URL field.
> > > Here are the results when I tested to get Futon with:
> > >
> > > -Chrome: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED.
> > >
> > > -Firefox: sec_error_invalid_key
> > >
> > >
> > > -Curl:
> > > curl -v https://localhost:6984
> > > * STATE: INIT => CONNECT handle 0x8001f2e0; line 998 (connection #-5000)
> > > * Rebuilt URL to: https://localhost:6984/
> > > * About to connect() to localhost port 6984 (#0)
> > > *   Trying ::1...
> > > * Adding handle: conn: 0x80059c58
> > > * Adding handle: send: 0
> > > * Adding handle: recv: 0
> > > * Curl_addHandleToPipeline: length: 1
> > > * 0x8001f2e0 is at send pipe head!
> > > * - Conn 0 (0x80059c58) send_pipe: 1, recv_pipe: 0
> > > * STATE: CONNECT => WAITCONNECT handle 0x8001f2e0; line 1045 (connection #0)
> > > * After 149995ms connect time, move on!
> > > *   Trying 127.0.0.1...
> > > * Connected to localhost (127.0.0.1) port 6984 (#0)
> > > * successfully set certificate verify locations:
> > > *   CAfile: /usr/ssl/certs/ca-bundle.crt
> > >  CApath: none
> > > * SSLv3, TLS handshake, Client hello (1):
> > > * STATE: WAITCONNECT => PROTOCONNECT handle 0x8001f2e0; line 1158 (connection #0)
> > > * SSLv3, TLS handshake, Server hello (2):
> > > * SSLv3, TLS handshake, CERT (11):
> > > * SSLv3, TLS alert, Server hello (2):
> > > * SSL certificate problem: self signed certificate
> > > * Closing connection 0
> > > * The cache now contains 0 members
> > > * Expire cleared
> > > curl: (60) SSL certificate problem: self signed certificate
> > > More details here: http://curl.haxx.se/docs/sslcerts.html
> > >
> > > curl performs SSL certificate verification by default, using a "bundle"
> > > of Certificate Authority (CA) public keys (CA certs). If the default
> > > bundle file isn't adequate, you can specify an alternate file
> > > using the --cacert option.
> > > If this HTTPS server uses a certificate signed by a CA represented in
> > > the bundle, the certificate verification probably failed due to a
> > > problem with the certificate (it might be expired, or the name might
> > > not match the domain name in the URL).
> > > If you'd like to turn off curl's verification of the certificate, use
> > > the -k (or --insecure) option.
> > >
> > >
> > > I tried many ways to create the certificate, such as OpenSSL on an
> > > Ubuntu VM, an online self-signed certificate generator, and Cygwin for
> > > Windows, but I am always facing the same error.
> > > Any hint would be welcome, thanks in advance!
> > >
> > > Max
> >
> >
>
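
The .pfx-to-PEM conversion described in the thread, with two checks worth running on the resulting files before local.ini points at them, as an added example that is not part of any message above. The file names, the password `constructed` and `CN=localhost` are assumptions, and a certificate generated with `openssl req` stands in for the IIS export.

```shell
#!/bin/sh
# Added example; every file name and the password are constructed.

# Stand-in for the IIS export: build a self-signed certificate with a
# chosen lifetime, wrap it in a .pfx, then split the .pfx into the PEM
# certificate/key pair.
make_and_split() {   # usage: make_and_split DIR DAYS
    ( cd "$1" || exit 1
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
          -subj "/CN=localhost" -keyout orig.key -out orig.crt 2>/dev/null &&
      openssl pkcs12 -export -inkey orig.key -in orig.crt \
          -passout pass:constructed -out site.pfx &&
      # certificate only
      openssl pkcs12 -in site.pfx -passin pass:constructed -nokeys -clcerts \
          -out couch.crt 2>/dev/null &&
      # unencrypted private key only
      openssl pkcs12 -in site.pfx -passin pass:constructed -nocerts -nodes \
          -out couch.key 2>/dev/null )
}

# True when the private key belongs to the certificate: the public key
# embedded in the certificate must equal the one derived from the key.
key_matches_cert() {   # usage: key_matches_cert CERT KEY
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# True when the certificate will still be valid N days from now.
valid_in_days() {   # usage: valid_in_days CERT N
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Demo run in a scratch directory: two-year certificate, round trip, checks.
d=$(mktemp -d) && make_and_split "$d" 730 &&
    key_matches_cert "$d/couch.crt" "$d/couch.key" &&
    valid_in_days "$d/couch.crt" 729 &&
    echo "key matches certificate; valid for at least 729 more days"
rm -rf "$d"
```

`key_matches_cert` and `valid_in_days` work unchanged on a certificate and key produced from a real .pfx; only `make_and_split` is specific to this demonstration.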
