On Wed, 15 Mar 2017, at 16:30, max wrote:
> Hi,
>
> I'm trying to install a certificate on Windows server 2012 R2.
> First I'd like to install a self-signed certificate. Some years ago I did
> it for CouchDB 1.4.1 on a Windows server 2008 so I'm trying to reproduce
> what I've done but I'm stuck.
> This what I do :
> - open IIS and create a self-signed certificate then export it in order
> to
> get a *.pfx file
> - transfer this file onto a unix system where I run :
>
> openssl pkcs12 -in file.pfx -clcerts -nokeys -out file.cer
> openssl pkcs12 -in file.pfx -nocerts -nodes -out file.key
>
> - transfer *.cer and *.key files to my windows server and edit local.ini
> :
>
>
> [daemons]
> httpsd = {couch_httpd, start_link, [https]}
>
>
> [ssl]
> port = 6984
> cert_file = C:/srv/SSL/tmp/file.cer
> key_file = C:/srv/SSL/tmp/file.key
> verify_ssl_certificates = false
> ssl_certificate_max_depth = 1
Hi Max,
Your config looks right, you might throw "" around cert_file / key_file
but I don't think thats the problem.
https://wiki.apache.org/couchdb/How_to_enable_SSL
still applies to 1.6.1. Start off with the mochiweb certs noted in the
document as we know they work, and post output of `curl -4vsk
https://127.0.0.1:6984/` along with whatever garbage is spewed out in
the couch.log.
It's quite possible that you have a certificate that requires OpenSSL
features newer than what 1.6.1 was built with at the time, but the
debugging notes in that URL above will help us see.
A+
Dave
