LetsEncrypt Certificate Woes
35 views
Skip to first unread message
vis...@bitloka.com
May 22, 2018, 12:31:12 AM5/22/18
to RavenDB - 2nd generation document database
LetsEncrypt Certificate is installed on the server on which RavenDB is running. Client certificate generated & RavenDB is configured.
The app is able to talk to RavenDB.
We can connect remotely using Mozilla & Postman.
But no matter what we do, we are unable to connect to RavenDB via Chrome / Edge. (Gives Authentication Error Occurred).
LetsEncrypt entry is present in intermediate CA (issued by DST Root CA 3)
Any work around?
Oren Eini (Ayende Rahien)
May 22, 2018, 1:30:44 AM5/22/18
to ravendb
Are you talking from the same machine? Remote machine?
What is the exact error used?
What is the OS the server is running on?
Hibernating Rhinos Ltd
Oren Eini l CEO l Mobile: + 972-52-548-6969
Office: +972-4-622-7811 l Fax: +972-153-4-622-7811
--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Vishal Honnatti
May 22, 2018, 1:57:05 AM5/22/18
to rav...@googlegroups.com
RavenDB is running on Ubuntu 16.04 LTS.
We tested a simple App both from the same machine as server and also from a remote machine. - Works
Mozilla / Postman were tested from remote machine. - Works
On Edge / Chrome - while connecting to studio - we see
--
You received this message because you are subscribed to a topic in the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ravendb/sqm7RlQOc-c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ravendb+unsubscribe@googlegroups.com.
Oren Eini (Ayende Rahien)
May 22, 2018, 2:00:18 AM5/22/18
to ravendb
Did you install the client cert in chrome?
Vishal Honnatti
May 22, 2018, 2:00:48 AM5/22/18
to rav...@googlegroups.com
Yes
Oren Eini (Ayende Rahien)
May 22, 2018, 2:07:03 AM5/22/18
to ravendb
To verify, you installed the pfx, not the cer, right?
Vishal Honnatti
May 22, 2018, 2:08:12 AM5/22/18
to rav...@googlegroups.com
Yes. We installed pfx.
Oren Eini (Ayende Rahien)
May 22, 2018, 2:18:19 AM5/22/18
to ravendb
Given that FireFox works, it is really strange.
Can you try checking with wireshark what is being sent over?
Vishal Honnatti
May 22, 2018, 2:20:52 AM5/22/18
to rav...@googlegroups.com
On the error page Chrome actually shows the green lock and clicking on it provides the info about certificate. It also mentions that the certificate is valid.
Yes I did install wireshark for the purpose but couldn't manage time to try it out. I guess I'll need sometime to get around to it. Is there anything specific that I should look for?
Oren Eini (Ayende Rahien)
May 22, 2018, 2:26:08 AM5/22/18
to ravendb
Basically, we want to look at the negotiation between Chrome and RavenDB
To figure out why it isn't sending a cert.
We usually see this if the private key is not installed
Oren Eini (Ayende Rahien)
May 22, 2018, 2:26:17 AM5/22/18
to ravendb
Oh, also, try this from incognito window, please
Judah Gabriel Himango
May 23, 2018, 10:19:11 AM5/23/18
to RavenDB - 2nd generation document database
Also, if you haven't already, make sure you have restarted Chrome and Edge. (Meaning, all instances have closed, then start.) I've been bitten by this more than once! :-)
Yes. We installed pfx.
Yes
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ravendb/sqm7RlQOc-c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ravendb+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
--
You received this message because you are subscribed to a topic in the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ravendb/sqm7RlQOc-c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ravendb+u...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
--
You received this message because you are subscribed to a topic in the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ravendb/sqm7RlQOc-c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ravendb+u...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
--
You received this message because you are subscribed to a topic in the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ravendb/sqm7RlQOc-c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ravendb+u...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
Vishal Honnatti
May 23, 2018, 9:16:34 PM5/23/18
to rav...@googlegroups.com
I've done that but no luck. Wireshark seems to be the next step. But that's for the weekend!
To unsubscribe from this group and all its topics, send an email to ravendb+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages