How to: enable HTTPS endpoint for SG 3.1

fabiosst · June 22, 2023, 8:08pm

Hi all,

I’m using SG 3.1.0 and I’m using certificates signed by our own CA.
When using ISGR, I want to use HTTPS protocol for the remote target.

Actually when I set the https protocol I get the “X.509 Certificate Signed by Unknown Authority” error and the replication doesn’t start.
When using the HTTP I have no problems.

Here it is a sample of my bootstrap configuration:

bootstrap: {
      ca_cert_path: "string",
      password: "string",
      server: "string",
      username: "string"
},
api: {
      admin_interface: "127.0.0.1:4985",
      metrics_interface: "127.0.0.1:4986"
}

How can I achieve the use of HTTPS?

In the 2.8 version I’ve read about “SSLCert” and “SSLKey” field.
What fields should I set on the remote SG in the bootstrap configuration? (I already use ca_cert_path with our own CA)

mreiche · June 23, 2023, 12:14am

I’m using SG 3.1.0 and I’m using certificates signed by our own CA.
Actually when I set the https protocol I get the “X.509 Certificate Signed by Unknown Authority” error

It sounds like the ‘client’ does not recognize your CA as a valid CA. Typically, the solution is to make the root CA certificate accessible to the client. That would be bootstrap.ca_cert_path.

And the client certificate would be bootstrap.x509_cert_path.

Topic		Replies	Views
Couch Sync Gateway on MacOS Sierra Mobile	8	2012	September 29, 2016
How to enable SSL on Couchbase Server, Public API and Couchbase Sync Gateway Sync Gateway	6	2394	October 30, 2017
How to configure Sync Gateway and client to use Secure WebSocket (wss://host:ip) Sync Gateway dot-net	2	1675	August 2, 2019
Couchbase Sync Gateway upgrade from 2.6 to 3.1 Couchbase Server	1	252	April 9, 2024
Sync_gateway + SSL how to configure? Sync Gateway	5	2520	December 3, 2021

How to: enable HTTPS endpoint for SG 3.1

Related topics