Hi, Thank you for your answer. I finally used Nginx for Windows. I'll have to do it again in fews days so I'll post any debug information I'll find with your steps.
Thanks, Max. 2017-03-18 12:12 GMT+01:00 Dave Cottlehuber <[email protected]>: > On Wed, 15 Mar 2017, at 16:30, max wrote: > > Hi, > > > > I'm trying to install a certificate on Windows server 2012 R2. > > First I'd like to install a self-signed certificate. Some years ago I did > > it for CouchDB 1.4.1 on a Windows server 2008 so I'm trying to reproduce > > what I've done but I'm stuck. > > This what I do : > > - open IIS and create a self-signed certificate then export it in order > > to > > get a *.pfx file > > - transfer this file onto a unix system where I run : > > > > openssl pkcs12 -in file.pfx -clcerts -nokeys -out file.cer > > openssl pkcs12 -in file.pfx -nocerts -nodes -out file.key > > > > - transfer *.cer and *.key files to my windows server and edit local.ini > > : > > > > > > [daemons] > > httpsd = {couch_httpd, start_link, [https]} > > > > > > [ssl] > > port = 6984 > > cert_file = C:/srv/SSL/tmp/file.cer > > key_file = C:/srv/SSL/tmp/file.key > > verify_ssl_certificates = false > > ssl_certificate_max_depth = 1 > > Hi Max, > > Your config looks right, you might throw "" around cert_file / key_file > but I don't think thats the problem. > > https://wiki.apache.org/couchdb/How_to_enable_SSL > > still applies to 1.6.1. Start off with the mochiweb certs noted in the > document as we know they work, and post output of `curl -4vsk > https://127.0.0.1:6984/` along with whatever garbage is spewed out in > the couch.log. > > It's quite possible that you have a certificate that requires OpenSSL > features newer than what 1.6.1 was built with at the time, but the > debugging notes in that URL above will help us see. > > A+ > Dave > >
