Sync gateway certificate issues


#1

Hello.

We are doing some tests with Couchbase Server, Sync Gateway and Elastic Load Balancer from Amazon. We have tried the communication via HTTP from a PhoneGap application to the backend database and we have no trouble with that architecture.
Our application will need to be secure, and we need to use the SSL feature of Sync Gateway. We tried to use the self-signed certificates from tests through our Amazon test environment, but we get the following errors at the gateways:

http: TLS handshake error from XXX.XX.XX.XXX:49780: tls: first record does not look like a TLS handshake

or

401 User not authenticated.

We used self-signed certificates with the name of the Amazon balancer or EC2 server and the enterprise version of Sync Gateway 1.1.0, but we are still having the previous errors.

What features should the certificate need to have?
Can we test with a certificate from an authorized entity? Do you recommend a particular one?
Is it possible to use ELB with SSL? Could the certificate be shared among the ELB and the gateways?


#2

@faguirre

I am not familiar with Amazon's ELB, but googling returned this page.

It shows that you can configure ELB to do SSL termination and you can either use plain HTTP between ELB and SG or you can use HTTPS.

If you are using ELB SSL termination, you could use HTTP between the ELB and your Sync Gateway instances; this would simplify your deployment.

Andy


#3

TLS handshake error indicates that the peer (the other side of the connection) isn’t using TLS/SSL.

401 User not authenticated means that the TLS connection is working but the HTTP auth failed, i.e. the request doesn’t include a valid Authorization header or session cookie.
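
Added example, not part of any post in this thread and not Sync Gateway code: a Go program that reproduces both symptoms from the reply above in-process, using Go's crypto/tls (which produces the handshake error string quoted in the question). The `/db/` path, the `sg.example` host, the `demo` credentials and the Basic-auth handler are constructed stand-ins.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// plaintextToTLS writes plain HTTP into a TLS server endpoint and returns the server-side handshake error.
func plaintextToTLS() string {
	client, server := net.Pipe() // in-memory connection, no network needed
	defer server.Close()
	defer client.Close()
	// Constructed request: what a peer configured for HTTP sends to a port that expects TLS.
	go client.Write([]byte("GET /db/ HTTP/1.1\r\nHost: sg.example\r\n\r\n"))
	if err := tls.Server(server, &tls.Config{}).Handshake(); err != nil {
		return err.Error()
	}
	return ""
}

// statusOverTLS completes a TLS handshake with a stand-in HTTPS server and returns the HTTP status (-1 on transport failure).
func statusOverTLS(user, pass string) int {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if !ok || u != "demo" || p != "constructed-password" { // hypothetical credentials
			http.Error(w, "User not authenticated", http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	req, _ := http.NewRequest("GET", srv.URL, nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	resp, err := srv.Client().Do(req) // this client trusts the test server's self-signed certificate
	if err != nil {
		return -1
	}
	defer resp.Body.Close()
	return resp.StatusCode
}

func main() {
	fmt.Println("plaintext to TLS endpoint:", plaintextToTLS())
	fmt.Println("TLS, no credentials / valid credentials:", statusOverTLS("", ""), statusOverTLS("demo", "constructed-password"))
}
```

The first result is a transport-layer failure that happens before any HTTP is parsed; the 401 can only appear once the TLS handshake has already succeeded.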