To be honest, I would recommend using stunnel in front of CouchDB instead of the built-in erlang SSL module.
B. On 26 September 2012 08:25, Benoit Chesneau <[email protected]> wrote: > On Wed, Sep 26, 2012 at 5:20 AM, Bill <[email protected]> wrote: >> I'm using CouchDB 1.1 and running into an issue configuring it for SSL. I >> have >> a certificate from GoDaddy that I'm trying to use. I put the cert, two >> intermediate GoDaddy certs, and the GoDaddy root cert in a poem file. I >> specified the path to that file in the "cert_file" entry in the couchdb >> config. I >> also set up the "key_file" entry to point to my key file. However, after >> restarting couchdb, ssl is unable to connect. When I try >> >> curl -v https://myserver:6984/ >> >> I get the following message >> >> * About to connect() to myserver port 6984 (#0) >> * Trying myserer... connected >> * Connected to myserver (myserver) port 6984 (#0) >> * Initializing NSS with certpath: /etc/pki/nssdb >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt >> CAPath: none >> * NSS error -5938 >> Closing connection #0 >> * SSL connect error >> >> It's able to connect without SSL just fine. Does anyone have any idea what >> I'm >> doing wrong or tips to get this working? >> >> Thanks, >> Bill >> > > How did you configured it? also did you concat the bundle with the cert? > > - benoƮt
