vumc
January 3, 2015, 5:09am
1
How to connect from chrome/firefox browser on port 18091 ?
Getting self signed certificate in certificate chain - Verify return code: 19 error ?
Stacktrace:
C:\>openssl s_client -connect 127.0.0.1:18091 -showcerts
Loading ‘screen’ into random state - done
CONNECTED(000000E0)
depth=1 CN = Couchbase Server 77fd9d21
verify error:num=19:self signed certificate in certificate chain
verify return:0
Certificate chain
0 s:/CN=127.0.0.1
i:/CN=Couchbase Server 77fd9d21
-----BEGIN CERTIFICATE-----
MIIC6zCCAdWgAwIBAgIIE7MHqhszK0AwCwYJKoZIhvcNAQEFMCQxIjAgBgNVBAMT
GUNvdWNoYmFzZSBTZXJ2ZXIgNzdmZDlkMjEwHhcNMTMwMTAxMDAwMDAwWhcNNDkx
MjMxMjM1OTU5WjAUMRIwEAYDVQQDEwkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDW8HjTuLN87IcQpSSiokhSzqI3YqM/IwF26MIArQNG
Uf8uGy1x78QnWFVQ/4ng6iSeeKHMr7FQYDJT1TiWPiN1uM4vK0PXNxKkxJGeRpOX
xoQAdm+ER6LioyF8SWvzP0VMa7L2vdODJpYxOVqWbFMjUjDQJOlAp/trjnR5Cfwq
YaB6mpq+EnG7Xsug7DmwwKkYIpCDFctbBhKV5XGwd0sK8GsJegPHdpKMlKuLZflg
XUxFw9wchcBYFRA/jx1P1AS4ZmcqoNCXeFMKOr1d9YX8CUqO6mii+IclY0R3zGcV
38F/jgF6pvqv9cooACYBXQJv041w7MjYzIatb3lmnif5AgMBAAGjNTAzMA4GA1Ud
DwEB/wQEAwIAoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMAsG
CSqGSIb3DQEBBQOCAQEAQBADruTnFPRfuZHiyQAAQXpBdjcZucyE8yP9NGyWxmYM
kht1uSrnoWmmsFcCagBYyvw6gnCOEpHj/BHUtPFtKwVCtC+qemBSJJvkJ4WKJNfc
ipxPHUqshiB9J4suddPnlo8ASfeO+WgamUwKDlmTV9Tt8OUgYdtUxTolD2tEXz2/
nIQwUfWmE9w5Z0SaNj1g0HJ+acfkLKnwXQZz4tK2CsluYNh3yXSWjCSpYcEd6fPO
l3GR9BFR5NjBMR96cmikqvjNQuM9TnLbmnYcqdoNFy+vGnEMA9ETnSbE5DnKu9Tf
wHyhQk6vN/n91D17E7FNHA9pYlpTwYBdogMhaDYioQ==
-----END CERTIFICATE-----
1 s:/CN=Couchbase Server 77fd9d21
i:/CN=Couchbase Server 77fd9d21
-----BEGIN CERTIFICATE-----
MIIC/jCCAeigAwIBAgIIE7MHqV57FFQwCwYJKoZIhvcNAQEFMCQxIjAgBgNVBAMT
GUNvdWNoYmFzZSBTZXJ2ZXIgNzdmZDlkMjEwHhcNMTMwMTAxMDAwMDAwWhcNNDkx
MjMxMjM1OTU5WjAkMSIwIAYDVQQDExlDb3VjaGJhc2UgU2VydmVyIDc3ZmQ5ZDIx
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvisE/8YdTgkrau5kyllP
c7hp8ABPNOhUTeTrcZu5WtuWMhWBAwiYvwKnN9HIDGZqSKNfvy2bumhH50W1YkVH
7tGHgAYkPc+xckk5g7bJdHy8YPPo2pqd3QbSyaVLI4Qf8ipYR5r+6s7etK6fc10m
XGmcfoi7RWqj0B8UYnrau4eQDrm0QZ+oQgAcHQ1ldBtVsSLcMNPIpk3EQF/MqgjU
bIbQMa/fVtntHLfx388twfkqalk40C9StOeWFgDkhsi2A3fnfIjiQq2pBWB/duu2
W7WXNzGon8K89wng8u85J93JmKm6ZnmZF2dET2IjItNddCna1rKUpBaDJdE1fmKN
HQIDAQABozgwNjAOBgNVHQ8BAf8EBAMCAKQwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
DwYDVR0TAQH/BAUwAwEB/zALBgkqhkiG9w0BAQUDggEBAGwS9Q423svuTo/kl1TK
SB5HlAdJFELhqXI6+bObbckAH6pflh+HMw48lUofmrVIQH9wZQRTmIUW7+RMyjBF
Ik14mALOG6MMOTKD4MBBdumAjOR4zeerwoc7ErTU99fBzr/mhc3GJ3/7mJ9K85mO
t7j20SvhMeaEj535LGZoZyBZzaJwlfbm1WfrVf8PZBqOsarwNteZNHYFvp2h0MPN
kWv68S5UVRwFDEhIQ4mE9Cm0D4kwwOe96yOYj7XjXASHgMTNbEc2gEbU5OPpCg7T
iHp/IQX3tbNgWQu+TZNOyLYTSSKu6tNMAojB8FMCt2p59SOjcHKQbxCrtfPlBvvj
zbA=
-----END CERTIFICATE-----
Server certificate
subject=/CN=127.0.0.1
issuer=/CN=Couchbase Server 77fd9d21
No client certificate CA names sent
SSL handshake has read 2080 bytes and written 489 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: B86FF568FC9960BDAF899DCF059EF33AD490AC9F9EEEB60B09D435D6B1AF5EAD
Session-ID-ctx:
Master-Key: CD90E5FEA30C0DAB3B25E4E545137FB12BC27BEF2DF84DFE06C4E85AC8E569CE4D6D55661A763570B82866497A30F76A
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1420261118
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
don
March 9, 2016, 11:44pm
2
Hi,
With 4.5 Developer Preview now available, we have introduced X.509 certificate support.
Looking forward to your feedback on this new improvement. For more information check - http://developer.couchbase.com/documentation/server/4.5-dp/security-x509.html
Thanks,
Don Pinto
Product Manager, Couchbase