incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <...@jsonified.com>
Subject Re: SSL problems
Date Wed, 26 Sep 2012 07:07:53 GMT
On 26 September 2012 05:20, Bill <bill.foshay@noteandgo.com> wrote:
> I'm using CouchDB 1.1 and running into an issue configuring it for SSL. I have
> a certificate from GoDaddy that I'm trying to use. I put the cert, two
> intermediate GoDaddy certs, and the GoDaddy root cert in a poem file. I
> specified the path to that file in the "cert_file" entry in the couchdb config. I
> also set up the "key_file" entry to point to my key file. However, after
> restarting couchdb, ssl is  unable to connect. When I try
>
> curl -v https://myserver:6984/
>
> I get the following message
>
> * About to connect() to myserver port 6984 (#0)
> * Trying myserer... connected
> * Connected to myserver (myserver) port 6984 (#0)
> * Initializing NSS with certpath: /etc/pki/nssdb
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>  CAPath: none
> * NSS error -5938
> Closing connection #0
> * SSL connect error
>
> It's able to connect without SSL just fine. Does anyone have any idea what I'm
> doing wrong or tips to get this working?
>
> Thanks,
> Bill
>

Hi Bill,

I would suggest 2 things to check[1]:

- use the mochiweb test certs to confirm that you've got couchdb set
up correctly
-  confirm your certs work using openssl, both with & without the -k
option (validity chain)

It's possible that you are running into one of the limitations of
various erlang versions, I am not up to speed but I'd suggest
re-testing with R15B02 once the first checks are working. Do keep us
posted so we can keep the wiki up to date.

A+
Dave

[1]: http://wiki.apache.org/couchdb/How_to_enable_SSL

Mime
View raw message