Windows的CouchDB-SSL證書-連接錯誤

Question

我已經在Windows 7 x64上安裝了CouchDB。 我試圖在端口6984上使用SSL運行CouchDB。

我已經准備好證書，如文檔中所示： secure-socket-level-options

還要檢查： CouchDB Wiki

當我重新啟動服務器時，使用：

curl http://127.0.0.1:5984/_restart -X POST

日志顯示，端口6984正在偵聽：

[Tue, 25 Nov 2014 10:15:48 GMT] [debug] [<0.1208.0>] 'POST' /_restart {1,1} from "127.0.0.1"
Headers: [{'Accept',"*/*"},
          {'Authorization',"Basic dG9tOnBhcw=="},
          {'Content-Type',"application/json"},
          {'Host',"127.0.0.1:5984"},
          {'User-Agent',"curl/7.38.0"}]
[Tue, 25 Nov 2014 10:15:48 GMT] [debug] [<0.1208.0>] OAuth Params: []
[Tue, 25 Nov 2014 10:15:48 GMT] [info] [<0.1208.0>] 127.0.0.1 - - POST /_restart 202
[Tue, 25 Nov 2014 10:15:50 GMT] [info] [<0.1957.0>] Apache CouchDB has started on http://127.0.0.1:5984/
[Tue, 25 Nov 2014 10:15:50 GMT] [info] [<0.1957.0>] Apache CouchDB has started on https://127.0.0.1:6984/

我修改了local.ini，就像文檔中說的那樣：

[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
httpsd = {couch_httpd, start_link, [https]}

[ssl]
;cert_file = C:/Program\ Files\ (x86)/Apache\ Software\ Foundation/CouchDB/etc/Cert/localhost.crt
;key_file = C:/Program\ Files\ (x86)/Apache\ Software\ Foundation/CouchDB/etc/Cert/localhost.pem
cert_file = C:/Program\ Files\ (x86)/Apache\ Software\ Foundation/CouchDB/etc/couchdb/localhost.crt
key_file = C:/Program\ Files\ (x86)/Apache\ Software\ Foundation/CouchDB/etc/couchdb/localhost.pem
;cert_file = /etc/Cert/localhost.crt
;key_file = /etc/Cert/localhost.pem
;key_file = /etc/couchdb/localhost.pem
;cert_file = /etc/couchdb/couchdb.pem
port = 6984
;password = pass:a
; set to true to validate peer certificates
verify_ssl_certificates = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
ssl_certificate_max_depth = 1

重新啟動服務后，我無法在端口6984上連接到服務器：

curl -k -v https://127.0.0.1:6984
* Rebuilt URL to: https://127.0.0.1:6984/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 6984 (#0)
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to 127.0.0.1:6984
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 127.0.0.1:6984

是什么，我錯過了什么，我沒有檢查？ CouchDB版本為1.6.1。

Answer 1

我有相同的問題和相同的症狀，但是有一件事可以肯定，通往證書的路徑已經走了。

您需要使用證書的實際“ Windows”路徑，如果有空格（即c：\\ Program Files（x86）\\ Apa .....），請在整個路徑周圍使用單引號。 可以在路徑中用“ /”替換“ \\”。

Answer 2

對於那些想知道的..截至2018年，CouchDB 2.1.1在啟用HTTPS的Windows 10上運行良好。

我使用我在Ubuntu上設置的另一個站點生成了證書，該站點使用Let'scrypt的certbot（ https://certbot.eff.org/lets-encrypt/ubuntuxenial-other ），然后將其復制到Windows機器上。 我收到警告，證明該證書無效，但這很好，因為Windows僅用於開發。

[ssl]
cert_file = c:/couchdb/cert/cert1.pem
key_file = c:/couchdb/cert/privkey1.pem
cacert_file = c:/couchdb/cert/fullchain1.pem