On 26 September 2012 05:20, Bill <[email protected]> wrote: > I'm using CouchDB 1.1 and running into an issue configuring it for SSL. I have > a certificate from GoDaddy that I'm trying to use. I put the cert, two > intermediate GoDaddy certs, and the GoDaddy root cert in a poem file. I > specified the path to that file in the "cert_file" entry in the couchdb > config. I > also set up the "key_file" entry to point to my key file. However, after > restarting couchdb, ssl is unable to connect. When I try > > curl -v https://myserver:6984/ > > I get the following message > > * About to connect() to myserver port 6984 (#0) > * Trying myserer... connected > * Connected to myserver (myserver) port 6984 (#0) > * Initializing NSS with certpath: /etc/pki/nssdb > * CAfile: /etc/pki/tls/certs/ca-bundle.crt > CAPath: none > * NSS error -5938 > Closing connection #0 > * SSL connect error > > It's able to connect without SSL just fine. Does anyone have any idea what I'm > doing wrong or tips to get this working? > > Thanks, > Bill >
Hi Bill, I would suggest 2 things to check[1]: - use the mochiweb test certs to confirm that you've got couchdb set up correctly - confirm your certs work using openssl, both with & without the -k option (validity chain) It's possible that you are running into one of the limitations of various erlang versions, I am not up to speed but I'd suggest re-testing with R15B02 once the first checks are working. Do keep us posted so we can keep the wiki up to date. A+ Dave [1]: http://wiki.apache.org/couchdb/How_to_enable_SSL
