security - CouchDB over HTTPS and self-certified certificate : browsers reject it -


i've been following these instructions enable ssl on couchdb instance running on windows. using self-certified .pem certificate , key generated

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 

it works fine using curl -k https://127.0.0.1:6984/, chrome , firefox react differently:

  • firefox first makes me add security exception self-signed certificate, throws sec_error_invalid_key
  • chrome throws err_ssl_protocol_error. tried manually adding certificate chrome, same result.

on rejected connections, erlang console shows:

[error] [<0.15176.0>] ssl: certify: tls_connection.erl:2286:fatal error: decode error 

i need access browsers web app. key , certificate generation correct?

solution found

the mailing list hinted ssl implementation in erlang might flawed.

as per suggestion, using stunnel ssl tunnel in front of couchdb. client connects stunnel on https, , stunnel communicates couchdb on http, since both on same machine should fine.

stunnel generates own certificate upon install, (for chrome / win7) must added trusted root certificate authority. also, chrome takes new certificates account when exit menu , relaunch - closing window doesn't that.


Comments

Popular posts from this blog

twig - Using Twigbridge in a Laravel 5.1 Package -

jdbc - Not able to establish database connection in eclipse -

Kivy: Swiping (Carousel & ScreenManager) -