Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Mobile 2.1
-
None
-
DOC-2019-S18-Sep06, DOC-2019-S19-Sep20
-
1
Description
The instructions specified in https://docs.couchbase.com/sync-gateway/2.5/security.html#x-509-certificates are not correct
- The instructions refer to these steps which discuss how to create server side certs. We should be pointing users to how client side certs are created. Please refer to https://docs.couchbase.com/server/6.0/manage/manage-security/configure-client-certificates.html and adapt for SGW
- Step 3 in listed instructions is fine. You must enable client based auth on server
- The instructions state "After completing step 3, you will have multiple files generated in the current directory. From the generated files, you must copy ca.pem, chain.pem and pkey.key to the machine where Sync Gateway is running."
- That is not right. The steps referred to are for generating server side certs. We must NOT copy over the pkey.key that corresponds to server on to the SGW
- We must create client certs and copy that to SGW
- Please Clarify the use of this config
- databases.$db.certpath : This should be SGW certs that you generate in Step1
- databases.$db.keypath :: This should be SGW private key that you generate in Step1
- databases.$db.cacertpath : This should be CBS cert
(CC Ben Brooks, Adam Fraser)