Thank you for your quick response. It seems my questions was not really clear I am sorry. On Ubuntu everything is ok , my problem is on Windows 7 and windows Server 2012. I just figured out that creating my SSL certificate form a Windows machine through IIS gave me back .pfx file. Then I turned this file to cert and key file with openssl and tried those files. Guess what it worked ! what does it mean? An SSL certificate created from openSSL cannot be used in windows ? But how does SSL Authorities manage that problem?
Well this is a start but now I cannot modify the duration of my certificate when I create it from IIS, does anyone know how to do that ? Thank you again ! 2014-12-04 18:02 GMT+01:00 Paul Okstad <[email protected]>: > Max, I brought up this same issue in this email list a few weeks back (I > will forward you the thread). What I found was that the SSL package used by > CouchDB is broken in Ubuntu 14.04. When I installed CouchDB on 14.10 the > problem was fixed. My case was with a CA signed cert, but maybe the same is > true for your self signed ones. > > -- > Paul Okstad > > > > > On Dec 4, 2014, at 8:30 AM, max <[email protected]> wrote: > > > > Hi, > > > > I am currently using CouchDB 1.4.0 over HTTP/HTTPS protocle for a while > and > > it works great on my Ubuntu server! > > > > However I am facing a problem after installing it on Windows. This error > is > > due to self signed SSL certificate (Tried on Windows 7,8 and server 2012 > ). > > > > I have created a certificate just like I did for Ubuntu Server by > following > > this: > > > https://couchdb.readthedocs.org/en/1.4.x/configuring.html#native-ssl-support > > > > Then I edited my local.ini file and restart the window service. > > > > Here is the problem, browsers do not ask me to continu despite a self > > signed certificate but just close the connection. Only IE allows me to > view > > futon with an alert in url field. > > Here are the results when I tested to get Futon with: > > > > -Chrome: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. > > > > -Firefox: sec_error_invalid_key > > > > > > -Curl: > > curl -v https://localhost:6984 > > * STATE: INIT => CONNECT handle 0x8001f2e0; line 998 (connection #-5000) > > * Rebuilt URL to: https://localhost:6984/ > > * About to connect() to localhost port 6984 (#0) > > * Trying ::1... > > * Adding handle: conn: 0x80059c58 > > * Adding handle: send: 0 > > * Adding handle: recv: 0 > > * Curl_addHandleToPipeline: length: 1 > > * 0x8001f2e0 is at send pipe head! > > * - Conn 0 (0x80059c58) send_pipe: 1, recv_pipe: 0 > > * STATE: CONNECT => WAITCONNECT handle 0x8001f2e0; line 1045 (connection > #0) > > * After 149995ms connect time, move on! > > * Trying 127.0.0.1... > > * Connected to localhost (127.0.0.1) port 6984 (#0) > > * successfully set certificate verify locations: > > * CAfile: /usr/ssl/certs/ca-bundle.crt > > CApath: none > > * SSLv3, TLS handshake, Client hello (1): > > * STATE: WAITCONNECT => PROTOCONNECT handle 0x8001f2e0; line 1158 > > (connection #0) > > * SSLv3, TLS handshake, Server hello (2): > > * SSLv3, TLS handshake, CERT (11): > > * SSLv3, TLS alert, Server hello (2): > > * SSL certificate problem: self signed certificate > > * Closing connection 0 > > * The cache now contains 0 members > > * Expire cleared > > curl: (60) SSL certificate problem: self signed certificate > > More details here: http://curl.haxx.se/docs/sslcerts.html > > > > curl performs SSL certificate verification by default, using a "bundle" > > of Certificate Authority (CA) public keys (CA certs). If the default > > bundle file isn't adequate, you can specify an alternate file > > using the --cacert option. > > If this HTTPS server uses a certificate signed by a CA represented in > > the bundle, the certificate verification probably failed due to a > > problem with the certificate (it might be expired, or the name might > > not match the domain name in the URL). > > If you'd like to turn off curl's verification of the certificate, use > > the -k (or --insecure) option. > > > > > > I tried many ways to create the certificate such as openSSL on an Ubuntu > > VM, online self signed certificate generator, cygwin for Windows but I am > > always facing the same error. > > Any hit would welcome, thanks in advance ! > > > > Max > >
