incubator-couchdb-user mailing list archives

From Bill <bill.fos...@noteandgo.com>
Subject Re: SSL problems
Date Wed, 26 Sep 2012 17:36:50 GMT
Dave Cottlehuber <dch@...> writes:

> 
> On 26 September 2012 05:20, Bill <bill.foshay@...> wrote:
> > I'm using CouchDB 1.1 and running into an issue configuring it for SSL. I have
> > a certificate from GoDaddy that I'm trying to use. I put the cert, two
> > intermediate GoDaddy certs, and the GoDaddy root cert in a pem file. I
> > specified the path to that file in the "cert_file" entry in the couchdb config. I
> > also set up the "key_file" entry to point to my key file. However, after
> > restarting couchdb, ssl is unable to connect. When I try
> >
> > curl -v https://myserver:6984/
> >
> > I get the following message
> >
> > * About to connect() to myserver port 6984 (#0)
> > * Trying myserer... connected
> > * Connected to myserver (myserver) port 6984 (#0)
> > * Initializing NSS with certpath: /etc/pki/nssdb
> > * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> >  CAPath: none
> > * NSS error -5938
> > Closing connection #0
> > * SSL connect error
> >
> > It's able to connect without SSL just fine. Does anyone have any idea what I'm
> > doing wrong or tips to get this working?
> >
> > Thanks,
> > Bill
> >
> 
> Hi Bill,
> 
> I would suggest 2 things to check[1]:
> 
> - use the mochiweb test certs to confirm that you've got couchdb set
> up correctly
> -  confirm your certs work using openssl, both with & without the -k
> option (validity chain)
> 
> It's possible that you are running into one of the limitations of
> various erlang versions, I am not up to speed but I'd suggest
> re-testing with R15B02 once the first checks are working. Do keep us
> posted so we can keep the wiki up to date.
> 
> A+
> Dave
> 
> [1]: http://wiki.apache.org/couchdb/How_to_enable_SSL
> 
> 

Hi Dave,

Thanks for the suggestions. I was able to verify both the checks you suggested. 
I'm able to successfully run couchdb with a self-signed cert. And I used openssl 
to confirm that the certs work, both with and without the -k option. Are there 
any other checks you can recommend? I can post my log file errors in a few hours 
when I get back home if people think that would be helpful.

The version of CouchDB I'm using was bundled with Couchbase Single Server v1.2 
so maybe there's an Erlang problem associated with that version? Is there an 
alternative to Single Server since it's discontinued? I would love to upgrade to 
CouchDB 1.2 if I can do it without too much trouble. I've always just run 
CouchDB with Single Server and hadn't had any issue until trying to get SSL 
working with this GoDaddy cert. I'm pretty much a newbie to CouchDB so I'm 
hesitant to build it myself. Is there a simple way to get a CouchDB server 
running with v1.2 without building it myself?

Thanks,
Bill
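
An added example, not part of the original message or of CouchDB: one more check for a bundle like the one described above (server cert, intermediates, root in a single PEM file). It confirms that the file is ordered leaf first, by comparing each certificate's issuer name with the next certificate's subject name. It reads only the DER name fields and verifies no signatures; `sample_cert` builds constructed name-only skeletons, and all function names are hypothetical.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (subject, issuer) as raw DER Name bytes; no signature is checked."""
    p = tlv(der, tlv(der, 0)[1])[1]        # enter Certificate, then tbsCertificate
    tag, _, end = tlv(der, p)
    p = end if tag == 0xA0 else p          # skip the optional [0] version
    for _ in range(2):                     # skip serialNumber and signature algorithm
        p = tlv(der, p)[2]
    issuer_end = tlv(der, p)[2]
    subj = tlv(der, issuer_end)[2]         # subject starts after validity
    return der[subj:tlv(der, subj)[2]], der[p:issuer_end]

def check_bundle(pem_text):
    """Return ordering problems for a leaf-first PEM chain (empty list = in order)."""
    certs = [names(base64.b64decode(re.sub(r"\s", "", b))) for b in PEM_RE.findall(pem_text)]
    if not certs:
        return ["no CERTIFICATE blocks found"]
    return [f"cert {i} is not issued by cert {i + 1}"
            for i in range(len(certs) - 1) if certs[i][1] != certs[i + 1][0]]

def der(tag, content):
    """Encode one DER element; used only to build the constructed sample."""
    n, size = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_cert(subject, issuer):
    """Constructed name-only certificate skeleton: unsigned, not a real certificate."""
    def name(cn):
        return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
              + name(issuer) + der(0x30, b"") + name(subject))
    body = base64.encodebytes(der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    leaf, ca, root = sample_cert("myserver", "CA"), sample_cert("CA", "Root"), sample_cert("Root", "Root")
    print(check_bundle(leaf + ca + root), check_bundle(ca + leaf + root))
```

An empty list means the names chain in order; it says nothing about signatures, expiry, or whether the key in "key_file" matches the first certificate.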

