security - CouchDB over HTTPS and self-certified certificate: browsers reject it
I've been following these instructions to enable SSL on a CouchDB instance running on Windows. I'm using a self-certified .pem certificate and key generated with
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
It works fine using curl -k https://127.0.0.1:6984/, but Chrome and Firefox react differently:
- Firefox first makes me add a security exception for the self-signed certificate, then throws sec_error_invalid_key
- Chrome throws err_ssl_protocol_error. I tried manually adding the certificate to Chrome, same result.
On rejected connections, the Erlang console shows:
[error] [<0.15176.0>] ssl: certify: tls_connection.erl:2286:fatal error: decode error
I need access from browsers for a web app. Is the key and certificate generation correct?
Solution found
The mailing list hinted that the SSL implementation in Erlang might be flawed.
As per their suggestion, I'm using stunnel as an SSL tunnel in front of CouchDB. The client connects to stunnel on HTTPS, and stunnel communicates with CouchDB on HTTP; since both are on the same machine, that should be fine.
stunnel generates its own certificate upon install, which (for Chrome / Win7) must be added as a trusted root certificate authority. Also, Chrome only takes new certificates into account when you exit from the menu and relaunch - closing the window doesn't do that.
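
A minimal configuration for the tunnel described above, as an added example that is not part of the original post. It assumes CouchDB 1.x serving HTTP on its default port 5984; the stunnel service name and certificate file name are placeholders.

```ini
; --- stunnel.conf (added example; service name and cert file are placeholders) ---
[couchdb-https]
; TLS listener that browsers connect to (the HTTPS port used in the question)
accept = 6984
; Plain-HTTP hop to CouchDB over loopback only (5984 assumed: CouchDB default)
connect = 127.0.0.1:5984
; Certificate and private key that stunnel presents to clients
cert = stunnel.pem

; --- CouchDB local.ini (assumes CouchDB 1.x section names) ---
[httpd]
; Keep the unencrypted listener off the network so remote access must go through stunnel
bind_address = 127.0.0.1
port = 5984

[daemons]
; Leave CouchDB's own Erlang SSL listener disabled so stunnel can bind port 6984
;httpsd = {couch_httpd, start_link, [https]}
```

With CouchDB bound to 127.0.0.1, the HTTP port is reachable only from the local machine, which is what makes the unencrypted stunnel-to-CouchDB hop acceptable.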