Error While uploading Node Certificate

Hi Team,

While uploading the node certificate through the secure port, we are getting an error, but the same curl command works fine with the unsecured port (8091). Could you please suggest how to upload the same over the secured port (18091)?

[couchbase@prestovm1 servercertfiles]$ curl -X POST https://<xx.xx.xx.xx>:18091/node/controller/reloadCertificate -u cbadmin:cbadmin
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: curl - SSL CA Certificates
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[couchbase@prestovm1 servercertfiles]$ curl -k -X POST https://<xx.xx.xx.xx>:18091/node/controller/reloadCertificate -u cbadmin:cbadmin
curl: (52) Empty reply from server

Where <xx.xx.xx.xx> represents my CB server IP.

Thanks,
Debasis

Is your server listening on port 18091? This should give HTML for the UI:

curl -k -v https://localhost:18091/ui/index.html -u Administrator:password

The error “curl: (52) Empty reply from server” can appear if some other process (like the kv engine) is listening on the specified port (which would be strange, since 18091 is the TLS manager port).

This should reload the certificate. (I don’t have one.) I get a 400 error.

% curl -k -v -X POST https://localhost:18091/node/controller/reloadCertificate -u Administrator:password

* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 18091 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=Couchbase Server Node (127.0.0.1)
* start date: Oct 18 00:02:40 2022 GMT
* expire date: Jan 20 01:02:40 2025 GMT
* issuer: CN=Couchbase Server a261da35
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'Administrator'
> POST /node/controller/reloadCertificate HTTP/1.1
> Host: localhost:18091
> Authorization: Basic QWRtaW5pc3RyYXRvcjpwYXNzd29yZA==
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Cache-Control: no-cache,no-store,must-revalidate
< Connection: close
< Content-Length: 158
< Content-Type: application/json
< Date: Wed, 21 Dec 2022 18:37:03 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Pragma: no-cache
< Server: Couchbase Server
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Permitted-Cross-Domain-Policies: none
< X-XSS-Protection: 1; mode=block
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
"Unable to read certificate chain file /Users/michaelreiche/Library/Application Support/Couchbase/var/lib/couchbase/inbox/chain.pem. The file does not exist."