Max, I brought up this same issue in this email list a few weeks back (I will forward you the thread). What I found was that the SSL package used by CouchDB is broken in Ubuntu 14.04. When I installed CouchDB on 14.10 the problem was fixed. My case was with a CA signed cert, but maybe the same is true for your self signed ones.
-- Paul Okstad

> On Dec 4, 2014, at 8:30 AM, max <[email protected]> wrote:
>
> Hi,
>
> I am currently using CouchDB 1.4.0 over HTTP/HTTPS protocol for a while and
> it works great on my Ubuntu server!
>
> However I am facing a problem after installing it on Windows. This error is
> due to self signed SSL certificate (Tried on Windows 7, 8 and Server 2012).
>
> I have created a certificate just like I did for Ubuntu Server by following
> this:
> https://couchdb.readthedocs.org/en/1.4.x/configuring.html#native-ssl-support
>
> Then I edited my local.ini file and restarted the Windows service.
>
> Here is the problem, browsers do not ask me to continue despite a self
> signed certificate but just close the connection. Only IE allows me to view
> Futon with an alert in url field.
> Here are the results when I tested to get Futon with:
>
> -Chrome: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED.
>
> -Firefox: sec_error_invalid_key
>
>
> -Curl:
> curl -v https://localhost:6984
> * STATE: INIT => CONNECT handle 0x8001f2e0; line 998 (connection #-5000)
> * Rebuilt URL to: https://localhost:6984/
> * About to connect() to localhost port 6984 (#0)
> * Trying ::1...
> * Adding handle: conn: 0x80059c58
> * Adding handle: send: 0
> * Adding handle: recv: 0
> * Curl_addHandleToPipeline: length: 1
> * 0x8001f2e0 is at send pipe head!
> * - Conn 0 (0x80059c58) send_pipe: 1, recv_pipe: 0
> * STATE: CONNECT => WAITCONNECT handle 0x8001f2e0; line 1045 (connection #0)
> * After 149995ms connect time, move on!
> * Trying 127.0.0.1...
> * Connected to localhost (127.0.0.1) port 6984 (#0)
> * successfully set certificate verify locations:
> * CAfile: /usr/ssl/certs/ca-bundle.crt
> CApath: none
> * SSLv3, TLS handshake, Client hello (1):
> * STATE: WAITCONNECT => PROTOCONNECT handle 0x8001f2e0; line 1158
> (connection #0)
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS alert, Server hello (2):
> * SSL certificate problem: self signed certificate
> * Closing connection 0
> * The cache now contains 0 members
> * Expire cleared
> curl: (60) SSL certificate problem: self signed certificate
> More details here: http://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). If the default
> bundle file isn't adequate, you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.
>
>
> I tried many ways to create the certificate such as openSSL on an Ubuntu
> VM, online self signed certificate generator, cygwin for Windows but I am
> always facing the same error.
> Any hint would be welcome, thanks in advance!
>
> Max
