Hi
I am running an Apache CouchDB instance (version 1.3.0) on an Ubuntu 12.10
server in the cloud (AWS). I am trying to get SSL working on my couchDB
instance.
The basic SSL setup is very easy. I have placed my certificate and key in a
directory and uncommented the following lines in my local.ini file
httpsd = {couch_httpd, start_link, [https]}
cert_file = /usr/local/etc/couchdb/certs/mycouchdbserver_cert.pem
key_file = /usr/local/etc/couchdb/certs/mycouchdbserver_key.pem
I have also made sure that the ownership on these files is correct.
This works fine: the couchDB server starts up, and you can navigate to
https://mycouchdbserver.com/_utils/ without a problem.
Testing using openssl
openssl s_client -showcerts -connect mycouchdbserver.com:443
Gives the correct result for standard SSL configuration
When testing the setup on the DigiCert website (the company the SSL certs were
bought through - test link: http://www.digicert.com/help/) I get the following
error:
The server is not sending the required intermediate certificate.
When purchasing the SSL certificate I obtained an intermediate certificate from
DigiCert and have downloaded the root cert for DigiCert as well.
In the local.ini config file for couchDB you can use these with the following
configuration fields:
verify_ssl_certificates = true
cacert_file = xxxx
My problem is that I can't get this to work and have tried every possible
combination to get this to work. Here is what I have tried:
1. Tried setting cacert_file to the intermediate cert from DigiCert
2. Tried setting cacert_file to the root certificate in /etc/ssl/certs
3. Tried adding the root cert from DigiCert website to /usr/shared/ca-certs/ and
   then running dpkg-reconfigure ca-certificates to install a new root certificate
   and setting cacert_file to that new pem encoded certificate in /etc/ssl/certs
4. Tried combining the cert and intermediate cert in one file used for cert_file
5. Tried combining the cert, intermediate cert and root cert into 1 pem file used
   for cert_file
All of the above throws errors in the couchDB log. Some give a mass amount of
output in the errors logs but using number 3, I get
=ERROR REPORT==== 11-Jun-2013::11:35:30 ===
SSL: hello: ssl_handshake.erl:252:Fatal error: internal error
And testing with openssl I get
CONNECTED(00000003)
16871:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal
error:s3_pkt.c:1099:SSL alert number 80
16871:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:
Does anyone have any idea on how to use the verify_ssl_certificates, the root
certificate and the intermediate certificate correctly with couchDB?
I have read all documentation online and nothing has helped
Thanks in Advance
Andrew
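The combined-file attempts above hinge on whether a PEM bundle is actually ordered server cert, then intermediate, then root, with each certificate issued by the next. The following is an added example, not code from the original post or from CouchDB: a stdlib-only Python checker that reads issuer and subject straight from the DER, plus a builder for unsigned stand-in certificates (the names and the certificates are constructed for demonstration only).

```python
import base64
import re

# Added example, not from the original post: a stdlib-only check of a PEM bundle
# (e.g. a combined cert_file) for leaf -> intermediate -> root order.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (issuer, subject) as raw DER Name bytes of one certificate."""
    _, tbs_pos, _ = _tlv(der, 0)              # Certificate SEQUENCE
    _, pos, end = _tlv(der, tbs_pos)          # tbsCertificate SEQUENCE
    fields = []
    while pos < end:                          # collect tbsCertificate children
        tag, _, ve = _tlv(der, pos)
        fields.append((tag, der[pos:ve]))
        pos = ve
    if fields[0][0] == 0xA0:                  # drop optional [0] EXPLICIT version
        fields.pop(0)
    return fields[2][1], fields[4][1]         # serial, sigAlg, issuer, validity, subject

def check_chain(pem_bundle):
    """Is each cert's issuer the next cert's subject, and is the last one self-signed?"""
    pairs = [names(base64.b64decode(m.group(1))) for m in PEM_RE.finditer(pem_bundle)]
    ordered = all(pairs[i][0] == pairs[i + 1][1] for i in range(len(pairs) - 1))
    return {"count": len(pairs), "ordered": ordered,
            "ends_at_root": bool(pairs) and pairs[-1][0] == pairs[-1][1]}

def _der(tag, body):
    """Minimal DER encoder for bodies under 256 bytes (enough for the stand-ins)."""
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else b"\x81" + bytes([n])) + body

def fake_cert_pem(subject, issuer):
    """Constructed, unsigned stand-in certificate: real TBS layout, dummy key/signature."""
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")             # v3, serial 1
                     + _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSA
                     + name(issuer)
                     + _der(0x30, _der(0x17, b"230101000000Z") + _der(0x17, b"240101000000Z"))
                     + name(subject) + _der(0x30, b""))                                 # empty SPKI
    der = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode() + "\n-----END CERTIFICATE-----\n"
```

Running `check_chain` on the real combined file shows whether the order is wrong or the intermediate is missing; it does not validate signatures, so a chain that passes here still has to verify with the CA's root.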