CouchDB for Windows - SSL certificate - Connection error

I have installed CouchDB on Windows 7 x64. I am trying to run CouchDB with SSL on port 6984.

I have prepared the certificate as described in the documentation: secure-socket-level-options

I also checked: CouchDB Wiki

When I restart the server using:

curl http://127.0.0.1:5984/_restart -X POST

The log shows that port 6984 is listening:

[Tue, 25 Nov 2014 10:15:48 GMT] [debug] [<0.1208.0>] 'POST' /_restart {1,1} from "127.0.0.1"
Headers: [{'Accept',"*/*"},
          {'Authorization',"Basic dG9tOnBhcw=="},
          {'Content-Type',"application/json"},
          {'Host',"127.0.0.1:5984"},
          {'User-Agent',"curl/7.38.0"}]
[Tue, 25 Nov 2014 10:15:48 GMT] [debug] [<0.1208.0>] OAuth Params: []
[Tue, 25 Nov 2014 10:15:48 GMT] [info] [<0.1208.0>] 127.0.0.1 - - POST /_restart 202
[Tue, 25 Nov 2014 10:15:50 GMT] [info] [<0.1957.0>] Apache CouchDB has started on http://127.0.0.1:5984/
[Tue, 25 Nov 2014 10:15:50 GMT] [info] [<0.1957.0>] Apache CouchDB has started on https://127.0.0.1:6984/

I modified local.ini, just as the documentation says:

[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
httpsd = {couch_httpd, start_link, [https]}

[ssl]
;cert_file = C:/Program\ Files\ (x86)/Apache\ Software\ Foundation/CouchDB/etc/Cert/localhost.crt
;key_file = C:/Program\ Files\ (x86)/Apache\ Software\ Foundation/CouchDB/etc/Cert/localhost.pem
cert_file = C:/Program\ Files\ (x86)/Apache\ Software\ Foundation/CouchDB/etc/couchdb/localhost.crt
key_file = C:/Program\ Files\ (x86)/Apache\ Software\ Foundation/CouchDB/etc/couchdb/localhost.pem
;cert_file = /etc/Cert/localhost.crt
;key_file = /etc/Cert/localhost.pem
;key_file = /etc/couchdb/localhost.pem
;cert_file = /etc/couchdb/couchdb.pem
port = 6984
;password = pass:a
; set to true to validate peer certificates
verify_ssl_certificates = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
ssl_certificate_max_depth = 1

After restarting the service, I cannot connect to the server on port 6984:

curl -k -v https://127.0.0.1:6984
* Rebuilt URL to: https://127.0.0.1:6984/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 6984 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to 127.0.0.1:6984
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 127.0.0.1:6984

Is there something I have missed or not checked? The CouchDB version is 1.6.1.

I have the same problem and the same symptoms, but one thing is certain: the path to your certificates is way off.

You need to use the actual 'Windows' path to the certificates, and if there are spaces (i.e. c:\\Program Files(x86)\\Apa.....), use single quotes around the whole path. It should be OK to replace the '\\' with a '/' in the path.

For those that are wondering: as of 2018, CouchDB 2.1.1 runs fine on Windows 10 with HTTPS enabled.

I generated my certificate using another site that I set up on Ubuntu using Let's Encrypt's certbot ( https://certbot.eff.org/lets-encrypt/ubuntuxenial-other ) and then copied the files over to my Windows machine. I get a warning that the certificate is not valid, but that's fine as Windows is just for development.

[ssl]
cert_file = c:/couchdb/cert/cert1.pem
key_file = c:/couchdb/cert/privkey1.pem
cacert_file = c:/couchdb/cert/fullchain1.pem
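
A preflight check for the [ssl] paths discussed in the answers above, as an added example that is not part of the original posts or of CouchDB: it flags shell-style `\ ` escapes and confirms that each file is readable and holds the expected PEM block. The names `lint_ssl_section` and `read_text` are hypothetical, and the sample ini is constructed from the style used in the question.

```python
import configparser
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# Option name -> suffix of the PEM label the file is expected to contain.
EXPECTED = {"cert_file": "CERTIFICATE", "key_file": "PRIVATE KEY"}

def read_text(path):
    with open(path, "r", errors="replace") as fh:
        return fh.read()

def lint_ssl_section(ini_text, read_file=read_text):
    """Return [(option, problem), ...] for the [ssl] section of a CouchDB ini."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    if not cp.has_section("ssl"):
        return [("ssl", "section missing")]
    findings = []
    for opt, kind in EXPECTED.items():
        # Quotes around the value are stripped before touching the filesystem.
        path = cp.get("ssl", opt, fallback="").strip("'\"")
        if not path:
            findings.append((opt, "not set"))
            continue
        if "\\ " in path:
            findings.append((opt, "shell-style escaped space in path"))
        try:
            labels = PEM_BLOCK.findall(read_file(path))
        except OSError:
            findings.append((opt, "file not readable at this path"))
            continue
        if not any(label.endswith(kind) for label in labels):
            findings.append((opt, "no PEM " + kind + " block in file"))
    return findings

# Constructed sample: the escaped-space style from the question's local.ini.
SAMPLE_INI = r"""
[ssl]
cert_file = C:/Program\ Files\ (x86)/CouchDB/etc/couchdb/localhost.crt
key_file = C:/Program\ Files\ (x86)/CouchDB/etc/couchdb/localhost.pem
port = 6984
"""

if __name__ == "__main__":
    for option, problem in lint_ssl_section(SAMPLE_INI):
        print(option + ": " + problem)
```

Run it on the machine that hosts CouchDB, passing the contents of the real local.ini, so the readability check uses the same filesystem the server sees.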
