CouchDB/MochiWeb SSL error
I used CouchDB 1.1.1 with self-signed certs fine for some time.
Then, I purchased an SSL cert (in PFX form) for my domain.
I converted it to .CER and .KEY via OpenSSL, as described here: How can I convert a PFX certificate file for use with Apache on a linux server?
But, CouchDB gives me this error: http://pastebin.com/PieNwYv7
Certificate and key work fine in test recommended on http://wiki.apache.org/couchdb/How_to_enable_SSL.
I tried different conversion options (der, pem etc) in OpenSSL, with no luck :(
What could possibly be wrong with my certificate or privkey?
(I can't obviously publish the private key here, but maybe you can point me to some tools to diagnose the problem)
UPD: Tried
openssl rsa -in server.key -out server_rsa.key
This gives key in format -----BEGIN RSA PRIVATE KEY (instead of -----BEGIN PRIVATE KEY), works with OpenSSL fine too (tested with openssl s_server -key server_rsa.key -cert server.cer -www), CouchDB gives different error:
[Sat, 28 Jan 2012 21:30:58 GMT] [error] [<0.69.0>] {error_report,<0.64.0>,
{<0.69.0>,supervisor_report,
[{supervisor,{local,ssl_connection_sup}},
{errorContext,child_terminated},
{reason,
{function_clause,
[{ssl_handshake,dec_client_key,
[<<149,172,109,56,46,85,242,18,97,32,127,
UPD2: Obtained another certificate, using key generator from Firefox (instead of IIS), same here :(
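One way to run the kind of diagnosis the question asks for, as an added example that is not part of the original post: it reports which PEM container the key uses (the two armor lines the question compares), counts any text `openssl pkcs12` left in front of the key, and checks that the certificate and key carry the same public key. The function names are hypothetical; `server.cer` and `server.key` are the file names from the question.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# server.cer / server.key are the file names used in the question.

# Name the container format of a private key from its first PEM armor line.
# CR is stripped first because files exported on Windows often use CRLF.
key_format() {
    begin=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')
    case $begin in
        '-----BEGIN RSA PRIVATE KEY-----')
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo pkcs1-encrypted
            else echo pkcs1; fi ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '')                                      echo not-pem ;;
        *)                                       echo other ;;
    esac
}

# Count lines before the first armor line. "openssl pkcs12" writes
# "Bag Attributes" text there when it unpacks a PFX file.
preamble_lines() {
    tr -d '\r' < "$1" |
        awk '/^-----BEGIN /{print NR-1; found=1; exit} END{if(!found) print NR}'
}

# Succeed only if certificate ($1) and key ($2) hold the same public key.
# Returns 2 if either file cannot be parsed; "-passin pass:" keeps openssl
# from prompting when the key is encrypted.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

diagnose() {   # usage: diagnose server.cer server.key
    echo "key format:     $(key_format "$2")"
    echo "preamble lines: $(preamble_lines "$2")"
    if pair_matches "$1" "$2"; then echo "cert/key pair:  match"
    else echo "cert/key pair:  MISMATCH or unreadable"; fi
}

if [ $# -eq 2 ]; then diagnose "$@"; fi
```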
Comments (1)
Solution: for those who might run into the same problem
It seems that some kind of data is cached (to speed up SSL handshake?) by Google Chrome and Opera, and this causes SSL handshake to fail if the server cert suddenly changes.