couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <...@skunkwerks.at>
Subject Re: CouchDB 1.6.1 SSL on Windows server 2012
Date Sat, 18 Mar 2017 11:12:23 GMT
On Wed, 15 Mar 2017, at 16:30, max wrote:
> Hi,
> 
> I'm trying to install a certificate on Windows server 2012 R2.
> First I'd like to install a self-signed certificate. Some years ago I did
> it for CouchDB 1.4.1 on a Windows server 2008 so I'm trying to reproduce
> what I've done but I'm stuck.
> This what I do :
> - open IIS and create a self-signed certificate then export it in order
> to
> get a *.pfx file
> - transfer this file onto a unix system where I run :
> 
> openssl pkcs12 -in file.pfx -clcerts -nokeys -out file.cer
> openssl pkcs12 -in file.pfx -nocerts -nodes -out file.key
> 
> - transfer *.cer and *.key files to my windows server and edit local.ini
> :
> 
> 
> [daemons]
> httpsd = {couch_httpd, start_link, [https]}
> 
> 
> [ssl]
> port = 6984
> cert_file = C:/srv/SSL/tmp/file.cer
> key_file = C:/srv/SSL/tmp/file.key
> verify_ssl_certificates = false
> ssl_certificate_max_depth = 1

Hi Max,

Your config looks right, you might throw "" around cert_file / key_file
but I don't think thats the problem.

https://wiki.apache.org/couchdb/How_to_enable_SSL

still applies to 1.6.1. Start off with the mochiweb certs noted in the
document as we know they work, and post output of `curl -4vsk
https://127.0.0.1:6984/` along with whatever garbage is spewed out in
the couch.log.

It's quite possible that you have a certificate that requires OpenSSL
features newer than what 1.6.1 was built with at the time, but the
debugging notes in that URL above will help us see.

A+
Dave


Mime
View raw message