Yup, they are:
[root@riak01 riak]# ls -al /etc/riak/ssl.*
-rw-r--r--. 1 root root 2122 Jul 12 16:49 /etc/riak/ssl.crt
-rw-r--r--. 1 root root 3272 Jul 12 16:49 /etc/riak/ssl.key
In fact, I straced the beam process to see if that would show anything
outside of what was showing up in the logs and noticed one thing that was
somewhat interesting. The process check to see if the cert and key files
are writeable (which they are not). On the off chance that that was
problematic, I changed the owner and group of the cert and key to be 'riak'
and the check for write access was succeeding, however it didn't change the
end result. Here is a snip from the strace before changing the owner and
group:
31520 stat("/etc/riak/ssl.crt", <unfinished ...>
31520 <... stat resumed> {st_mode=S_IFREG|0644, st_size=2122, ...}) = 0
31520 access("/etc/riak/ssl.crt", R_OK) = 0
31520 access("/etc/riak/ssl.crt", W_OK) = -1 EACCES (Permission denied)
...
31520 stat("/etc/riak/ssl.key", <unfinished ...>
31520 <... stat resumed> {st_mode=S_IFREG|0644, st_size=3272, ...}) = 0
31520 access("/etc/riak/ssl.key", R_OK) = 0
31520 access("/etc/riak/ssl.key", W_OK) = -1 EACCES (Permission denied)
And after:
31520 stat("/etc/riak/ssl.crt", <unfinished ...>
31520 <... stat resumed> {st_mode=S_IFREG|0644, st_size=2122, ...}) = 0
31520 access("/etc/riak/ssl.crt", R_OK) = 0
31520 access("/etc/riak/ssl.crt", W_OK) = 0
...
31520 stat("/etc/riak/ssl.key", <unfinished ...>
31520 <... stat resumed> {st_mode=S_IFREG|0644, st_size=3272, ...}) = 0
31520 access("/etc/riak/ssl.key", R_OK) = 0
31520 access("/etc/riak/ssl.key", W_OK) = 0
On Fri, Jul 13, 2012 at 1:34 PM, Dave Parfitt <dparf...@basho.com> wrote:
> Hi Michael -
>
> [root@riak01 riak]# openssl verify /etc/riak/ssl.crt
>>>>
>>>
> I see you are using root to create/verify these certs - are they readable
> by the riak user?
>
> - Dave
>
>
> On Jul 13, 2012, at 4:20 PM, Michael Johnson wrote:
>
> Nope. One key in the key file, one cert in the cert file. In fact, since
> this is a cert/key I generated just for testing purposes, I'll go ahead and
> post them:
>
> /etc/riak/ssl.key:
> -----BEGIN CERTIFICATE-----
> MIIF8TCCA9mgAwIBAgIJAKXZl+gEfanVMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
> VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLQ3VsdmVyIENp
> dHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFDASBgNVBAMMC2V4YW1w
> bGUuY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTAeFw0xMjA3
> MTIyMzQ5NTVaFw0yMjA3MTAyMzQ5NTVaMIGOMQswCQYDVQQGEwJVUzETMBEGA1UE
> CAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLQ3VsdmVyIENpdHkxHDAaBgNVBAoME0Rl
> ZmF1bHQgQ29tcGFueSBMdGQxFDASBgNVBAMMC2V4YW1wbGUuY29tMSAwHgYJKoZI
> hvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
> ADCCAgoCggIBAOamauTDKfz/aY8cB2H787C4/TzWYR9Wl28hukC/HmnkOsn8I+sE
> WLKm4A4ikrhbzIHMvESjaRhxAtlDDagDz++UyxMW/0+c481b/dOSI+5pBLdFdXdA
> 6b0Y7WuhKxwTBHBlt0v5fW8gF5u/4j0azUq56OUxKvKnz890nV0fgcBytyeNmRKr
> 5KAK/CAvZb2q1iyX9fDluIfC5KCgrXdVrD2BpdGsqUFWa8C5rZ4sDjW1tbWs/D7c
> Mi33In4Iraf300JxDfEyUgtGJK62Z8cgia2DhoFIrtBAzil6sCkd02ebPZ6z7KRc
> QUwWUXUA3zkfYat7nnVCXqxKDd8RyIX/BLm5WClmsgCcGAz2FtWTcskoikAFxRx0
> Tr2OzATCLH6tfRJ9kWNr7xCjLV3FXa4VcXMIUDorBWQD0rC6egZSehcGlnZCL/KL
> 6zfl1zHjhWXXvd1PIPdBaFVOL+ZVTkJ6W9GQ3mXW8DDBxxvqQautS4Mykd6uDjiv
> Xty5eTAwknuyOO3zDunsIbA1d/cJxq9teME/BVsTqzTXRmPSsNY54n6PYNouuqgs
> lpP5jTdQYR2lySPPtaGnpmJpRWGoWa6zBMn4QhZAdBuSR173YmbKyx2LPt1fcMMu
> OdAg/K8x6p8UCF2iDmMZFKBimZIzW1hWMEq2l4MX1r+tzhHYFs4fT0fpAgMBAAGj
> UDBOMB0GA1UdDgQWBBTtPvZYb6P5j5MtDVHiMXb2x93hljAfBgNVHSMEGDAWgBTt
> PvZYb6P5j5MtDVHiMXb2x93hljAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
> A4ICAQCEEDH0n8unUgxrpIAiw/zFcUIPIO/A7Ha6VmOV4a9sk+RdRspeBuLLxPIq
> f6imWEy9bIASBnGVCZ7XW6orltPgSoBiN8PSs8FzbyxbGkzqe0yYfzN+vV9WULtF
> ZV/arROCGsiEpujcb4ldhLj0DtzSCXeBwSA8wL2PeNu/ryyx3TwqwUWYkWbhWGKq
> /qxBZ0XrRyLhU2X76AU5QVeih2PX6u/suf81u14TLYWj8pIPme+LLgsAkKoW0UJy
> KUjIV4ELWTt5iXAAkCdq3+7ZBaSf98OrX+mGsRWHgEA3TgjtHdKWISeFebSXdBt0
> +Ytv9ZjYS9Cfa1X2BUYhvZV3SX6D0t/J6jAHhUrmsoO5zJx/kHiy4iyG7lKvI6HQ
> 5tuGnDL623nSQ3fIPzC9yfie5J3ofd9HzjLik04wGprV9pEODtMnUIu2MIJc2XUc
> LKC5H21uV970aRj4F1rsSNBFFNxrWEXyBYNJThHqfjmfYpB18MD1XB3ht30fzE+B
> 0GVM6ueTv3fh+15DUpjT+dtmAf3xw4fy04Wj6Kny2DLqZ+kkjxcK6OLOimCJBapx
> hKuPK0zfirPYaA9a1lhqoityMtrYMnNuIVT0EHVIU6j7U0Mz5kFSHGhnryVwrcVp
> fFjygSx8xC2TQwhCdFDFoBUCaGFnIzis17aWeX8tINpDz3K/Vg==
> -----END CERTIFICATE-----
>
>
> /etc/riak/ssl.crt:
> -----BEGIN PRIVATE KEY-----
> MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDmpmrkwyn8/2mP
> HAdh+/OwuP081mEfVpdvIbpAvx5p5DrJ/CPrBFiypuAOIpK4W8yBzLxEo2kYcQLZ
> Qw2oA8/vlMsTFv9PnOPNW/3TkiPuaQS3RXV3QOm9GO1roSscEwRwZbdL+X1vIBeb
> v+I9Gs1KuejlMSryp8/PdJ1dH4HAcrcnjZkSq+SgCvwgL2W9qtYsl/Xw5biHwuSg
> oK13Vaw9gaXRrKlBVmvAua2eLA41tbW1rPw+3DIt9yJ+CK2n99NCcQ3xMlILRiSu
> tmfHIImtg4aBSK7QQM4perApHdNnmz2es+ykXEFMFlF1AN85H2Gre551Ql6sSg3f
> EciF/wS5uVgpZrIAnBgM9hbVk3LJKIpABcUcdE69jswEwix+rX0SfZFja+8Qoy1d
> xV2uFXFzCFA6KwVkA9KwunoGUnoXBpZ2Qi/yi+s35dcx44Vl173dTyD3QWhVTi/m
> VU5CelvRkN5l1vAwwccb6kGrrUuDMpHerg44r17cuXkwMJJ7sjjt8w7p7CGwNXf3
> CcavbXjBPwVbE6s010Zj0rDWOeJ+j2DaLrqoLJaT+Y03UGEdpckjz7Whp6ZiaUVh
> qFmuswTJ+EIWQHQbkkde92Jmyssdiz7dX3DDLjnQIPyvMeqfFAhdog5jGRSgYpmS
> M1tYVjBKtpeDF9a/rc4R2BbOH09H6QIDAQABAoICABtYe6/nm6DNP1yiPBXX40p+
> hDekSxuGDqo0W3q1rgtr7bRo2nFQsJttwX6rhq2o5JQ3C9MvdJRbQbU0h/f1i7+h
> 6nm27kooFbIRSAS/fNcVSGPaLlUXMx8iR3PNReksMAiLZrHxQHfeXC4xD8ei19gW
> NpCFxcvDLZYxAz85Lw78Cs77sLxP+OkopD/EntFf4cijs5r+AWTHLIgGxMozNBqO
> tnQnfmGqt1fAK99m5cBkbMi/W6CwRprAhCxhJwWVEkz8TmTcTHHdvRehtKgdKXWS
> 9G17io5SQJ8WVrBpQtkzxJh+SH4sGenFc57lnZGOMOw92cmZNtRCa2aZGycX1x1c
> OU7s0n0xcnuAniKI+Ee3W2shK6vtQMR8Qsu6Ax2uF+UUJAomr/2bbD8hpk7zwPhO
> 5dQ6RJurWMPRxaK+/vy8+4E6BnwhJ4WsogXaf86409v8eWoy8BYGA3XiOxy7W0eK
> oKcs30Uvq61nqB8Nt/AvsJrYj1flHk/gHn3qBGJor23e92G7TQiBs/DjatD4AdkH
> k8E4b+zvtlI/i/WNuOMimLntKYFgDNnumi5MyZcngv0hYPqdHewvXV/9e6gTw/rn
> hl8m6BMW7bvbXxz0GYGnxCADTW3PWC5Qma+y2SoGNo0unp4VQ6AHPApV5gUvAGaY
> /RKs9CgzlAdphMpUjykBAoIBAQD97WGWoM4+bd9Nyrat1HAQRY+MW/vt67oaTnEV
> EIicwM6TMvyUiFIv6wdmMsyGzlqFwboRGo19WbZP+pIoC46Gs6fqq6Jr8cna5Gme
> n59e2zVxFY1CmCsdAXs5TaG72D4BJkNIWqIBb68jeDglYj5mKpvsDDo3Muqznx04
> uS6+QXKJITR7+sPWalWqeUPIHdIrs3V1BR3/9N1ItfLy8bN/anrTFIMjI+ulZ9xy
> jDitwWCxCMmIyTV0xz5oJ0RYcgnvKS7sRMoII0Q4L+ZBzosSl0U4ksRaZJuB/6ij
> zFUidbMPYVHgvnUx4i5SLY048gu62gyHsntyLUl0RbZB6texAoIBAQDoiGUqGSti
> FyLyPi3Rj00uCsCIeV3oexLXKIHsia+EuULtCJj2kJPFGtks+XC+acP4xEyRjdzr
> JR87uxI5y0FmgjKmEpL0Kn5yBG0N0ioVbnT8YDKywvRJg2z279vm6CrsjuQ8h+ph
> KVRJJEveImcCiuRbzJrBgWC2G4GWlCnLxsSLKfqrsghrCAKFmMqBvsu1hrfRFhCG
> 86CSV3/Jdofd8/up0Y0qMKHB20KFAm3tWceWqlcpdI7l0BDWg4vIBaXkST90Gm4a
> 0XJqfa1NqpuF1z5KZxXMlbHLd5RXqTtFCs/UpJwQSEnNiv3Po6SZI3CwGqYjUo1i
> bqub4uPDgzm5AoIBADDO0QQ38oyzZ8m3Hjf5bnTiOf5bq+gGeGYYD8phvDCNKufG
> VCBkt494WJq/RurefS3al94zwWCHvvBOlItX9VRU8gC8buLavdbyMo8H1YVRE0ui
> Pd3ADAFuSHYyQtUtcnWcGjCtIxitk/d4YypkYOQYapILo6D6i3xtKBvAFIkDYXWU
> SVdPUxdCpya2Wl37xWsa+oe8rRCGy4XvWzxxUvQ5zlQGTFKT0/aeKRRneXmEgwZk
> TwCY1EqXBZrVeWCawugSfW9ypXa8+J7oLhUWE0tGgkqmg1FwpydssciSPQb7oqhh
> J3DQiwxEkmy/TrbUZ4bJ5MCsgOfoZocP40F2V3ECggEBAJAz1ZjP1wmTk4ZqbPui
> RJii7lcz/LqpaDup0TihAgnq4cghJsrxSdJYHgo3/mT3LiLdiSZStYfVk5L1Jg5V
> MA+j+kjnB98HYzbN69tAU/zKbR39gjM9l0TnjfFtOg/uNoBQ9NVc7Eqo2K4rJilx
> aDQ5cfhD4EzUMOd+E1UQOQM4Fra+p8dGNtY5N2cmI59mdOnzy5aMel9WQmO+g26q
> ZQONxKnBXCun0QhpMs1NfmJM5OtYY4k/0UZPS8Hb/hli90ek7QbRRSq4bJ4BpjGd
> 9aiAnQ6C8w/WXVXyqDncpvbgB5a1JlsqmSowYcocj3ywb7emLxWEok1CmIWppNmg
> TXECggEBAIGhKrsG/F5hWEpw5NMU7/i0fWs0bP3uj7rQMbP7KvShl8mtQ5HLARU9
> 45Mv9bQeSfpzfwdEO6BuccVpMiQ1Kw4pXQxJb5Hx4QeAkjJHYmswHaRBbBGEOZHN
> lY37E2MN0Pe41IwyslSrD5p6DA1BKws00BkzkgP+voowmIKtZYuIy60lpPsPdsb1
> vblLLwrqITtWZ+i/+jS2Zhc/azzI4KH985OCXQjikLp+CZ3i2E90APj7sH1M0Bga
> ZoahWO2cnCWPY0Vx1gGVrz6fbDCx/nQB9EaWoNzDAOnEU0PBdKy9SnQBsO6RiEvV
> ZkUzSrUoBPilDSSotFgUZeHfxERupUU=
> -----END PRIVATE KEY-----
>
> On Fri, Jul 13, 2012 at 12:53 PM, Chris Meiklejohn
> <cmeiklej...@basho.com>wrote:
>
>> Hi Michael,
>>
>> Does either your cert/key file have two keys in it by chance? If so, one
>> of those is most likely an intermediary cert, which should be placed in
>> it's own file as outlined here (see intermediate authorities, cacertfile):
>>
>> http://wiki.basho.com/Riak-Control.html
>>
>> - Chris
>>
>> Christopher Meiklejohn
>> Software Engineer
>> Basho Technologies, Inc.
>>
>> On Fri, Jul 13, 2012 at 3:45 PM, Michael Johnson <m...@mediatemple.net>wrote:
>>
>>> I've also gave this a try a bit ago using a legit cert from an ssl
>>> provider with the same result. Are you also running on centos 6 using the
>>> binaries provided from http://downloads.basho.com/riak/CURRENT/
>>>
>>> If I need to build my own packages from source, I can do that, but I'd
>>> much prefer to use the pre-built binaries.
>>>
>>>
>>> On Fri, Jul 13, 2012 at 11:41 AM, John E. Vincent <
>>> lusis.org+riak-us...@gmail.com> wrote:
>>>
>>>> SSL is working for me (for riak-control) using self-signed
>>>> certificates. However I've not yet tried it with an external client.
>>>>
>>>> On Fri, Jul 13, 2012 at 2:34 PM, Michael Johnson <m...@mediatemple.net>
>>>> wrote:
>>>> > I've been having problems getting riak to function via https and have
>>>> not
>>>> > been able to find anything online that seems to help so far. I am
>>>> using a
>>>> > self-signed certificate (which is one I generated specifically for
>>>> this
>>>> > testing, and thus could post as it will not be used for anything
>>>> else) and
>>>> > have it stored as separate .crt and .key files. I've used open SSL to
>>>> > verify the certificate and it appears to be all good. Here is what
>>>> the
>>>> > relevant bits of my app.config look like (I can post the rest as
>>>> needed, but
>>>> > I'm trying to be consise):
>>>> >
>>>> > {http, [{"0.0.0.0", 8091}]},
>>>> > {https, [{"0.0.0.0", 8092}]},
>>>> > {ssl, [
>>>> > {certfile, "/etc/riak/ssl.crt"},
>>>> > {keyfile, "/etc/riak/ssl.key"}
>>>> > ]},
>>>> >
>>>> > Starting riak does not generate any errors, and 'riak-admin test'
>>>> works:
>>>> > [root@riak01 riak]# riak-admin test
>>>> > Attempting to restart script through sudo -u riak
>>>> > Successfully completed 1 read/write cycle to '
>>>> r...@riak01.mediatemple.net'
>>>> >
>>>> > Manuallly querying riak via http also works fine:
>>>> >
>>>> > [root@riak01 riak]# curl -k -vvv
>>>> > http://127.0.0.1:8091/riak/__riak_client_test__
>>>> > * About to connect() to 127.0.0.1 port 8091 (#0)
>>>> > * Trying 127.0.0.1... connected
>>>> > * Connected to 127.0.0.1 (127.0.0.1) port 8091 (#0)
>>>> >> GET /riak/__riak_client_test__ HTTP/1.1
>>>> >> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7
>>>> >> NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
>>>> >> Host: 127.0.0.1:8091
>>>> >> Accept: */*
>>>> >>
>>>> > < HTTP/1.1 200 OK
>>>> > < Vary: Accept-Encoding
>>>> > < Server: MochiWeb/1.1 WebMachine/1.9.0 (someone had painted it blue)
>>>> > < Date: Fri, 13 Jul 2012 18:03:13 GMT
>>>> > < Content-Type: application/json
>>>> > < Content-Length: 410
>>>> > <
>>>> > * Connection #0 to host 127.0.0.1 left intact
>>>> > * Closing connection #0
>>>> >
>>>> {"props":{"name":"__riak_client_test__","allow_mult":false,"basic_quorum":false,"big_vclock":50,"chash_keyfun":{"mod":"riak_core_util","fun":"chash_std_keyfun"},"dw":1,"last_write_wins":false,"linkfun":{"mod":"riak_kv_wm_link_walker","fun":"mapreduce_linkfun"},"n_val":1,"notfound_ok":true,"old_vclock":86400,"postcommit":[],"pr":0,"precommit":[],"pw":0,"r":1,"rw":1,"small_vclock":50,"w":1,"young_vclock":20}}
>>>> >
>>>> >
>>>> > But the minute I try to connect via https I have problems:
>>>> >
>>>> > [root@riak01 riak]# curl -k -vvv
>>>> > https://127.0.0.1:8092/riak/__riak_client_test__
>>>> > * About to connect() to 127.0.0.1 port 8092 (#0)
>>>> > * Trying 127.0.0.1... connected
>>>> > * Connected to 127.0.0.1 (127.0.0.1) port 8092 (#0)
>>>> > * Initializing NSS with certpath: sql:/etc/pki/nssdb
>>>> > * warning: ignoring value of ssl.verifyhost
>>>> > * NSS error -5938
>>>> > * Closing connection #0
>>>> > * SSL connect error
>>>> > curl: (35) SSL connect error
>>>> >
>>>> > And I see the following in the logs:
>>>> >
>>>> > console.log:
>>>> > 2012-07-13 11:05:52.023 [error] <0.5313.0> CRASH REPORT Process
>>>> <0.5313.0>
>>>> > with 0 neighbours crashed with reason:
>>>> > {ekeyfile,[{gen_fsm,init_it,6},{proc_lib,init_p_do_apply,3}]}
>>>> > 2012-07-13 11:05:52.026 [error] <0.134.0> Supervisor
>>>> ssl_connection_sup had
>>>> > child undefined started with {ssl_connection,start_link,undefined} at
>>>> > <0.5313.0> exit with reason ekeyfile in context child_terminated
>>>> > 2012-07-13 11:05:52.031 [error] <0.139.0> application: mochiweb,
>>>> "Accept
>>>> > failed error", "{error,ekeyfile}"
>>>> > 2012-07-13 11:05:52.033 [error] <0.139.0> CRASH REPORT Process
>>>> <0.139.0>
>>>> > with 0 neighbours crashed with reason: {error,accept_failed}
>>>> > 2012-07-13 11:05:52.035 [error] <0.135.0>
>>>> > {mochiweb_socket_server,310,{acceptor_error,{error,accept_failed}}}
>>>> >
>>>> > crash.log:
>>>> > 2012-07-13 11:05:52 =ERROR REPORT====
>>>> >
>>>> [83,83,76,58,32,"1112",58,32,"error",58,"[]",32,"/etc/riak/ssl.key","\n",32,32,[91,[[123,["ssl_connection",44,"init_private_key",44,"5"],125],44,10,"
>>>> > ",[123,["ssl_connection",44,"ssl_init",44,"2"],125],44,10,"
>>>> > ",[123,["ssl_connection",44,"init",44,"1"],125],44,10,"
>>>> > ",[123,["gen_fsm",44,"init_it",44,"6"],125],44,10,"
>>>> >
>>>> ",[123,["proc_lib",44,"init_p_do_apply",44,"3"],125]],93],"\n"]2012-07-13
>>>> > 11:05:52 =CRASH REPORT====
>>>> > crasher:
>>>> > initial call: ssl_connection:init/1
>>>> > pid: <0.5313.0>
>>>> > registered_name: []
>>>> > exception exit: ekeyfile
>>>> > in function gen_fsm:init_it/6
>>>> > in call from proc_lib:init_p_do_apply/3
>>>> > ancestors: [ssl_connection_sup,ssl_sup,<0.130.0>]
>>>> > messages: []
>>>> > links: [<0.134.0>]
>>>> > dictionary: []
>>>> > trap_exit: false
>>>> > status: running
>>>> > heap_size: 1597
>>>> > stack_size: 24
>>>> > reductions: 1185
>>>> > neighbours:
>>>> > 2012-07-13 11:05:52 =SUPERVISOR REPORT====
>>>> > Supervisor: {local,ssl_connection_sup}
>>>> > Context: child_terminated
>>>> > Reason: ekeyfile
>>>> > Offender:
>>>> >
>>>> [{pid,<0.5313.0>},{name,undefined},{mfargs,{ssl_connection,start_link,undefined}},{restart_type,temporary},{shutdown,4000},{child_type,worker}]
>>>> >
>>>> > 2012-07-13 11:05:52 =ERROR REPORT====
>>>> > [{application,mochiweb},"Accept failed
>>>> error","{error,ekeyfile}"]2012-07-13
>>>> > 11:05:52 =CRASH REPORT====
>>>> > crasher:
>>>> > initial call: mochiweb_acceptor:init/3
>>>> > pid: <0.139.0>
>>>> > registered_name: []
>>>> > exception exit: {error,accept_failed}
>>>> > in function mochiweb_acceptor:init/3
>>>> > in call from proc_lib:init_p_do_apply/3
>>>> > ancestors: ['https_0.0.0.0:8092',riak_core_sup,<0.88.0>]
>>>> > messages: []
>>>> > links: [<0.135.0>,#Port<0.5661>]
>>>> > dictionary: []
>>>> > trap_exit: false
>>>> > status: running
>>>> > heap_size: 233
>>>> > stack_size: 24
>>>> > reductions: 818
>>>> > neighbours:
>>>> > 2012-07-13 11:05:52 =ERROR REPORT====
>>>> > {mochiweb_socket_server,310,{acceptor_error,{error,accept_failed}}}
>>>> >
>>>> > erlang.log.1 and error.log (which are identical):
>>>> > 11:05:52.018 [error] SSL: 1112: error:[] /etc/riak/ssl.key
>>>> > [{ssl_connection,init_private_key,5},
>>>> > {ssl_connection,ssl_init,2},
>>>> > {ssl_connection,init,1},
>>>> > {gen_fsm,init_it,6},
>>>> > {proc_lib,init_p_do_apply,3}]
>>>> >
>>>> > 11:05:52.023 [error] CRASH REPORT Process <0.5313.0> with 0 neighbours
>>>> > crashed with reason:
>>>> > {ekeyfile,[{gen_fsm,init_it,6},{proc_lib,init_p_do_apply,3}]}
>>>> > 11:05:52.026 [error] Supervisor ssl_connection_sup had child undefined
>>>> > started with {ssl_connection,start_link,undefined} at <0.5313.0> exit
>>>> with
>>>> > reason ekeyfile in context child_terminated
>>>> > 11:05:52.031 [error] application: mochiweb, "Accept failed error",
>>>> > "{error,ekeyfile}"
>>>> > 11:05:52.033 [error] CRASH REPORT Process <0.139.0> with 0 neighbours
>>>> > crashed with reason: {error,accept_failed}
>>>> > 11:05:52.035 [error]
>>>> > {mochiweb_socket_server,310,{acceptor_error,{error,accept_failed}}}
>>>> >
>>>> >
>>>> > Everything I am finding says this means my key file is bad. However,
>>>> as
>>>> > previously mentioned, I've verified this with openssl:
>>>> >
>>>> > [root@riak01 riak]# openssl verify /etc/riak/ssl.crt
>>>> > /etc/riak/ssl.crt: C = US, ST = California, L = Culver City, O =
>>>> Default
>>>> > Company Ltd, CN = example.com, emailAddress = ad...@example.com
>>>> > error 18 at 0 depth lookup:self signed certificate
>>>> > OK
>>>> >
>>>> > [root@riak01 riak]# ( openssl x509 -noout -modulus -in
>>>> /etc/riak/ssl.crt |
>>>> > openssl md5; openssl rsa -noout -modulus -in /etc/riak/ssl.key |
>>>> openssl md5
>>>> > ) | uniq
>>>> > (stdin)= b3d4187d8472f2d0b73cf5597d5d65b8
>>>> >
>>>> >
>>>> > I'm just really not sure what else to look at. Everything seems to
>>>> be fine
>>>> > except for that fact it's not working. Does anybody have SSL working
>>>> with
>>>> > self-signed certificate using the basho provided binary packages on
>>>> CentOS
>>>> > 6.3? I'm beginning to thing that they might be the problem and I just
>>>> don't
>>>> > know where to go from here.
>>>> >
>>>> > Any suggestions will be appreciated.
>>>> >
>>>> > _______________________________________________
>>>> > riak-users mailing list
>>>> > riak-users@lists.basho.com
>>>> > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>>>> >
>>>>
>>>
>>>
>>> _______________________________________________
>>> riak-users mailing list
>>> riak-users@lists.basho.com
>>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>>>
>>>
>>
> _______________________________________________
> riak-users mailing list
> riak-users@lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>
>
>
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
