You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Jeremy Smith <je...@yahoo.com> on 2011/11/24 17:21:35 UTC
ssl problem
Hi,
I have a godaddy ssl certificate and I am not sure how to tell couch to use the intermediate certificate, there are two settings in local.ini for the key and the certificate, I have tried various combination of these files copncatinated in various ways with no joy.
The files I have are:
gd_bundle.crt - bundle provided by godaddy
jeremythings.co.uk.crt - domain cert provided by godaddy
server.key - my key that I used to create the certificate request
The errors I am getting are:
jeremy@jeremythings:~/daddyssl/blah$ curl -k -v https://www.jeremythings.co.uk:6984/
* About to connect() to www.jeremythings.co.uk port 6984 (#0)
* Trying 64.22.103.145... connected
* Connected to www.jeremythings.co.uk (64.22.103.145) port 6984 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
Thanks
Jeremy
Re: ssl problem
Posted by Jeremy Smith <je...@yahoo.com>.
Thanks,
I managed to get it working last night, although not working from everywhere/everybrowser yet that I have tried, clearly I need to learn more about SSL certificates :-)
Cheers
Jeremy
________________________________
From: Benoit Chesneau <bc...@gmail.com>
To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Jeremy Smith <je...@yahoo.com>
Sent: Friday, 25 November 2011, 5:26
Subject: Re: ssl problem
On Thursday, November 24, 2011, Jeremy Smith <je...@yahoo.com> wrote:
> Hi,
>
> I have a godaddy ssl certificate and I am not sure how to tell couch to use the intermediate certificate, there are two settings in local.ini for the key and the certificate, I have tried various combination of these files copncatinated in various ways with no joy.
>
> The files I have are:
> gd_bundle.crt - bundle provided by godaddy
> jeremythings.co.uk.crt - domain cert provided by godaddy
> server.key - my key that I used to create the certificate request
>
> The errors I am getting are:
> jeremy@jeremythings:~/daddyssl/blah$ curl -k -v https://www.jeremythings.co.uk:6984/
> * About to connect() to www.jeremythings.co.uk port 6984 (#0)
> * Trying 64.22.103.145... connected
> * Connected to www.jeremythings.co.uk (64.22.103.145) port 6984 (#0)
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
> * Closing connection #0
> curl: (35) Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
>
>
> Thanks
> Jeremy
>
concat your certificate + the bundle in one new crt file and use this ne as crt.
benoît
Re: ssl problem
Posted by Benoit Chesneau <bc...@gmail.com>.
On Thursday, November 24, 2011, Jeremy Smith <je...@yahoo.com> wrote:
> Hi,
>
> I have a godaddy ssl certificate and I am not sure how to tell couch to
use the intermediate certificate, there are two settings in local.ini for
the key and the certificate, I have tried various combination of these
files copncatinated in various ways with no joy.
>
> The files I have are:
> gd_bundle.crt - bundle provided by godaddy
> jeremythings.co.uk.crt - domain cert provided by godaddy
> server.key - my key that I used to create the certificate request
>
> The errors I am getting are:
> jeremy@jeremythings:~/daddyssl/blah$ curl -k -v
https://www.jeremythings.co.uk:6984/
> * About to connect() to www.jeremythings.co.uk port 6984 (#0)
> * Trying 64.22.103.145... connected
> * Connected to www.jeremythings.co.uk (64.22.103.145) port 6984 (#0)
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
> * Closing connection #0
> curl: (35) Unknown SSL protocol error in connection to
www.jeremythings.co.uk:6984
>
>
> Thanks
> Jeremy
>
concat your certificate + the bundle in one new crt file and use this ne as
crt.
benoît
Re: ssl problem
Posted by Keith Gable <zi...@ignition-project.com>.
Put the contents of the intermediate certificate file after the contents of
your certificate and save a new file. Use that as your certificate.
On Nov 24, 2011 12:00 PM, "Jeremy Smith" <je...@yahoo.com> wrote:
> Hi,
>
> I have a godaddy ssl certificate and I am not sure how to tell couch to
> use the intermediate certificate, there are two settings in local.ini for
> the key and the certificate, I have tried various combination of these
> files copncatinated in various ways with no joy.
>
> The files I have are:
> gd_bundle.crt - bundle provided by godaddy
> jeremythings.co.uk.crt - domain cert provided by godaddy
> server.key - my key that I used to create the certificate request
>
> The errors I am getting are:
> jeremy@jeremythings:~/daddyssl/blah$ curl -k -v
> https://www.jeremythings.co.uk:6984/
> * About to connect() to www.jeremythings.co.uk port 6984 (#0)
> * Trying 64.22.103.145... connected
> * Connected to www.jeremythings.co.uk (64.22.103.145) port 6984 (#0)
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
> * Closing connection #0
> curl: (35) Unknown SSL protocol error in connection to
> www.jeremythings.co.uk:6984
>
>
> Thanks
> Jeremy
>
Re: ssl problem
Posted by david martin <da...@lymegreen.co.uk>.
another view
curl -k -v https://www.jeremythings.co.uk:6984/
* About to connect() to www.jeremythings.co.uk port 6984 (#0)
* Trying 64.22.103.145... connected
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: O=www.jeremythings.co.uk; OU=Domain Control Validated; CN=www.jeremythings.co.uk
* start date: 2011-11-24 14:49:13 GMT
* expire date: 2013-11-24 14:49:13 GMT
* subjectAltName: www.jeremythings.co.uk matched
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certificates.godaddy.com/repository; CN=Go Daddy Secure Certification Authority; serialNumber=07969287
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.23.1 (x86_64-unknown-linux-gnu) libcurl/7.23.1 OpenSSL/1.0.0e zlib/1.2.5 libssh2/1.3.0
> Host: www.jeremythings.co.uk:6984
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: CouchDB/1.1.1 (Erlang OTP/R14B04)
< Date: Thu, 24 Nov 2011 22:37:17 GMT
< Content-Type: text/plain;charset=utf-8
< Content-Length: 40
< Cache-Control: must-revalidate
<
{"couchdb":"Welcome","version":"1.1.1"}
* Connection #0 to host www.jeremythings.co.uk left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Re: ssl problem
Posted by david martin <da...@lymegreen.co.uk>.
http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/
Re: ssl problem
Posted by Alexander Shorin <kx...@gmail.com>.
Hi,
$ curl -k -v https://www.jeremythings.co.uk:6984/
* About to connect() to www.jeremythings.co.uk port 6984 (#0)
* Trying 64.22.103.145... connected
* Connected to www.jeremythings.co.uk (64.22.103.145) port 6984 (#0)
* found 157 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification SKIPPED
* compression: NULL
* cipher: AES-128-CBC
* MAC: SHA1
> GET / HTTP/1.1
> User-Agent: curl/7.21.4 (x86_64-pc-linux-gnu) libcurl/7.21.4 GnuTLS/2.10.5 zlib/1.2.5
> Host: www.jeremythings.co.uk:6984
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: CouchDB/1.1.1 (Erlang OTP/R14B04)
< Date: Thu, 24 Nov 2011 18:15:52 GMT
< Content-Type: text/plain;charset=utf-8
< Content-Length: 40
< Cache-Control: must-revalidate
<
{"couchdb":"Welcome","version":"1.1.1"}
* Connection #0 to host www.jeremythings.co.uk left intact
* Closing connection #0
works fine for me
--
,,,^..^,,,
On Thu, Nov 24, 2011 at 8:21 PM, Jeremy Smith <je...@yahoo.com> wrote:
> Hi,
>
> I have a godaddy ssl certificate and I am not sure how to tell couch to use the intermediate certificate, there are two settings in local.ini for the key and the certificate, I have tried various combination of these files copncatinated in various ways with no joy.
>
> The files I have are:
> gd_bundle.crt - bundle provided by godaddy
> jeremythings.co.uk.crt - domain cert provided by godaddy
> server.key - my key that I used to create the certificate request
>
> The errors I am getting are:
> jeremy@jeremythings:~/daddyssl/blah$ curl -k -v https://www.jeremythings.co.uk:6984/
> * About to connect() to www.jeremythings.co.uk port 6984 (#0)
> * Trying 64.22.103.145... connected
> * Connected to www.jeremythings.co.uk (64.22.103.145) port 6984 (#0)
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
> * Closing connection #0
> curl: (35) Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
>
>
> Thanks
> Jeremy
>
Re: ssl problem
Posted by Travis Paul <Tr...@visPaul.me>.
I have only tried a self signed certificate w/ couch. I added my steps
here: http://wiki.archlinux.org/index.php/Couchdb
Maybe it might show you something that you have misconfigured?
Best of luck!
On Nov 24, 2011 1:00 PM, "Jeremy Smith" <je...@yahoo.com> wrote:
Hi,
I have a godaddy ssl certificate and I am not sure how to tell couch to use
the intermediate certificate, there are two settings in local.ini for the
key and the certificate, I have tried various combination of these files
copncatinated in various ways with no joy.
The files I have are:
gd_bundle.crt - bundle provided by godaddy
jeremythings.co.uk.crt - domain cert provided by godaddy
server.key - my key that I used to create the certificate request
The errors I am getting are:
jeremy@jeremythings:~/daddyssl/blah$ curl -k -v
https://www.jeremythings.co.uk:6984/
* About to connect() to www.jeremythings.co.uk port 6984 (#0)
* Trying 64.22.103.145... connected
* Connected to www.jeremythings.co.uk (64.22.103.145) port 6984 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to www.jeremythings.co.uk:6984
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to
www.jeremythings.co.uk:6984
Thanks
Jeremy