I just tried it, same results with Chrome, Firefox and curl. It seems only a
certificate created from the IIS interface (which only allows me to give it a
friendly name) can be used with CouchDB on Windows. Has anybody succeeded in
creating a self-signed certificate and then using it with CouchDB on Windows?

2014-12-04 21:43 GMT+01:00 Nick North <[email protected]>:

> I'm not sure about the OpenSSL question, but you can create IIS SSL
> certificates of arbitrary duration using Microsoft's SelfSSL utility. You
> can find out more about it at the bottom of this page
> <http://blogs.iis.net/thomad/archive/2010/04/16/setting-up-ssl-made-easy.aspx>.
> Disclaimer: I haven't tried this myself, but it should work fine.
>
> Nick
>
> On 4 December 2014 at 17:19, max <[email protected]> wrote:
>
> > Thank you for your quick response.
> > It seems my question was not really clear, I am sorry. On Ubuntu everything
> > is OK; my problem is on Windows 7 and Windows Server 2012. I just figured
> > out that creating my SSL certificate from a Windows machine through IIS
> > gave me back a .pfx file. Then I turned this file into cert and key files
> > with openssl and tried those files.
> > Guess what, it worked!
> > What does it mean? An SSL certificate created from OpenSSL cannot be used
> > in Windows? But how do SSL Authorities manage that problem?
> >
> > Well, this is a start, but now I cannot modify the duration of my
> > certificate when I create it from IIS. Does anyone know how to do that?
> >
> > Thank you again!
> >
> >
> > 2014-12-04 18:02 GMT+01:00 Paul Okstad <[email protected]>:
> >
> > > Max, I brought up this same issue in this email list a few weeks back (I
> > > will forward you the thread). What I found was that the SSL package used
> > > by CouchDB is broken in Ubuntu 14.04. When I installed CouchDB on 14.10
> > > the problem was fixed. My case was with a CA signed cert, but maybe the
> > > same is true for your self signed ones.
> > >
> > > --
> > > Paul Okstad
> > >
> > >
> > >
> > > > On Dec 4, 2014, at 8:30 AM, max <[email protected]> wrote:
> > > >
> > > > Hi,
> > > >
> > > > I have been using CouchDB 1.4.0 over the HTTP/HTTPS protocol for a
> > > > while and it works great on my Ubuntu server!
> > > >
> > > > However I am facing a problem after installing it on Windows. This
> > > > error is due to a self signed SSL certificate (tried on Windows 7, 8
> > > > and Server 2012).
> > > >
> > > > I have created a certificate just like I did for Ubuntu Server by
> > > > following this:
> > > >
> > > > https://couchdb.readthedocs.org/en/1.4.x/configuring.html#native-ssl-support
> > > >
> > > > Then I edited my local.ini file and restarted the Windows service.
> > > >
> > > > Here is the problem: browsers do not ask me to continue despite a self
> > > > signed certificate but just close the connection. Only IE allows me to
> > > > view Futon with an alert in the URL field.
> > > > Here are the results when I tested to get Futon with:
> > > >
> > > > -Chrome: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED.
> > > >
> > > > -Firefox: sec_error_invalid_key
> > > >
> > > >
> > > > -Curl:
> > > > curl -v https://localhost:6984
> > > > * STATE: INIT => CONNECT handle 0x8001f2e0; line 998 (connection #-5000)
> > > > * Rebuilt URL to: https://localhost:6984/
> > > > * About to connect() to localhost port 6984 (#0)
> > > > *   Trying ::1...
> > > > * Adding handle: conn: 0x80059c58
> > > > * Adding handle: send: 0
> > > > * Adding handle: recv: 0
> > > > * Curl_addHandleToPipeline: length: 1
> > > > * 0x8001f2e0 is at send pipe head!
> > > > * - Conn 0 (0x80059c58) send_pipe: 1, recv_pipe: 0
> > > > * STATE: CONNECT => WAITCONNECT handle 0x8001f2e0; line 1045 (connection #0)
> > > > * After 149995ms connect time, move on!
> > > > *   Trying 127.0.0.1...
> > > > * Connected to localhost (127.0.0.1) port 6984 (#0)
> > > > * successfully set certificate verify locations:
> > > > *   CAfile: /usr/ssl/certs/ca-bundle.crt
> > > >  CApath: none
> > > > * SSLv3, TLS handshake, Client hello (1):
> > > > * STATE: WAITCONNECT => PROTOCONNECT handle 0x8001f2e0; line 1158 (connection #0)
> > > > * SSLv3, TLS handshake, Server hello (2):
> > > > * SSLv3, TLS handshake, CERT (11):
> > > > * SSLv3, TLS alert, Server hello (2):
> > > > * SSL certificate problem: self signed certificate
> > > > * Closing connection 0
> > > > * The cache now contains 0 members
> > > > * Expire cleared
> > > > curl: (60) SSL certificate problem: self signed certificate
> > > > More details here: http://curl.haxx.se/docs/sslcerts.html
> > > >
> > > > curl performs SSL certificate verification by default, using a "bundle"
> > > > of Certificate Authority (CA) public keys (CA certs). If the default
> > > > bundle file isn't adequate, you can specify an alternate file
> > > > using the --cacert option.
> > > > If this HTTPS server uses a certificate signed by a CA represented in
> > > > the bundle, the certificate verification probably failed due to a
> > > > problem with the certificate (it might be expired, or the name might
> > > > not match the domain name in the URL).
> > > > If you'd like to turn off curl's verification of the certificate, use
> > > > the -k (or --insecure) option.
> > > >
> > > >
> > > > I tried many ways to create the certificate, such as OpenSSL on an
> > > > Ubuntu VM, an online self signed certificate generator, and Cygwin for
> > > > Windows, but I am always facing the same error.
> > > > Any hint would be welcome, thanks in advance!
> > > >
> > > > Max
> > >
> > >
> >
>
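
The .pfx to cert-and-key conversion mentioned in the thread, as an added example that is not part of the original messages: it splits a PKCS#12 bundle into PEM files with the openssl CLI, checks that the key belongs to the certificate, and prints the fields worth comparing between a certificate that works and one that does not. File names, the password and the throwaway certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example. Paths, password and CN below are constructed placeholders.
set -eu

# Split a PKCS#12 (.pfx) bundle into a PEM certificate and an unencrypted PEM
# private key, the two files local.ini's [ssl] cert_file / key_file point at.
pfx_to_pem() {  # usage: pfx_to_pem in.pfx password out_cert.pem out_key.pem
    openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys -out "$3"
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes -out "$4"
    chmod 600 "$4"   # the key is written unencrypted; keep it owner-only
}

# Succeeds only if the private key belongs to the certificate, by comparing
# the public key embedded in the cert with the one derived from the key.
cert_matches_key() {  # usage: cert_matches_key cert.pem key.pem
    c=$(openssl x509 -in "$1" -noout -pubkey)
    k=$(openssl pkey -in "$2" -pubout)
    [ "$c" = "$k" ]
}

# Subject, validity, key type/size and signature algorithm of a certificate.
cert_summary() {  # usage: cert_summary cert.pem
    openssl x509 -in "$1" -noout -subject -dates
    openssl x509 -in "$1" -noout -text |
        grep -E 'Signature Algorithm|Public Key Algorithm|Public-Key' | sort -u
}

# Constructed round trip: a throwaway self-signed cert is bundled as a .pfx
# (standing in for the IIS export), then split again and checked.
demo() {  # usage: demo workdir
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=localhost" \
        -keyout "$d/orig.key" -out "$d/orig.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/orig.key" -in "$d/orig.crt" \
        -passout pass:example-only -out "$d/iis.pfx"
    pfx_to_pem "$d/iis.pfx" example-only "$d/couch.crt" "$d/couch.key"
    cert_matches_key "$d/couch.crt" "$d/couch.key" && cert_summary "$d/couch.crt"
}

work=$(mktemp -d)
demo "$work"
rm -rf "$work"
```

Running `cert_summary` on both the IIS-derived certificate and the OpenSSL-generated one shows side by side any difference in key size or signature algorithm between them.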
