Hi,
I'm trying to install a certificate on Windows server 2012 R2.
First I'd like to install a self-signed certificate. Some years ago I did
it for CouchDB 1.4.1 on a Windows server 2008 so I'm trying to reproduce
what I've done but I'm stuck.
This what I do :
- open IIS and create a self-signed certificate then export it in order to
get a *.pfx file
- transfer this file onto a unix system where I run :
openssl pkcs12 -in file.pfx -clcerts -nokeys -out file.cer
openssl pkcs12 -in file.pfx -nocerts -nodes -out file.key
- transfer *.cer and *.key files to my windows server and edit local.ini :
[daemons]
httpsd = {couch_httpd, start_link, [https]}
[ssl]
port = 6984
cert_file = C:/srv/SSL/tmp/file.cer
key_file = C:/srv/SSL/tmp/file.key
verify_ssl_certificates = false
ssl_certificate_max_depth = 1
- restart couchdb service
- test with :
https://127.0.0.1:6984/_utils/
https://localhost:6984/_utils/
https://myServerName:6984/_utils/
What am I doing wrong ?
Finally I will use a verified certificate. To use it I was given 4
files : ca.crt, certificate.crt, client.key and client.pfx.
Which files am I supposed to use ? I guess the *.pfx but am I supposed
to run the above openssl commands ?
I've done this kind of configurations several times for Ubuntu system
with or without a reverse proxy such as nginx and it was easy.
For Windows it's really really tough but maybe am I missing something
? If you know a reverse proxy I could use for Windows which would
allow me to configure SSL quickly please let me know.
Thanks for any hints.
Max.
