On 28 March 2017 at 20:44, Juan Garcia <[email protected]> wrote:
> Dear FxA devs,
>
> First of all, thank you very much for your infinite patience!
>
> I have been trying to set the fxa servers with https for some days but
> don't seem to be able to manage.  I have the feeling I'm nearly there
> though :)
>
> I am using (or plan on using) self-signed certificates and have
> installed the whole thing on Debian, which has a patch that forces
> nodejs to use the system ca-authorities
> (/etc/ssl/certs/ca-certificates.crt). I have added the CA with which I
> have signed the certificates to the system using update-ca-certificates.
>
> I can create an account but verifying it doesn't seem to work. I had
> this error: https://pastebin.mozilla.org/8983377

Are you sure that node is correctly using the updated system
certificates?  Can you successfully connect to the server using e.g.
the built-in https module in node:

  https://nodejs.org/api/https.html#https_https_get_options_callback

It certainly looks like an SSL misconfiguration of some kind.

> I added "INSECURE_SSL": true, "REJECT_UNAUTHORIZED": false, to the
> browserid-verifier env config (I have checked out the master and not
> vladikoff's http branch) and it seems to work. Why I need this I don't
> really understand. I would rather not do this if possible.
>
> After adding it I am getting another error (I think the profile server
> can't contact the oauth server). It looks like this:
> https://pastebin.mozilla.org/8982006

IIRC, there's a chain of requests here where profile-server talks to
oauth-server, and oauth-server talks to auth-server.  Have you
configured each of these servers with the correct public-facing name
of the others (i.e. not localhost or similar)?

If you can use the above-linked `https.get()` method to try out all
the connections in a nodejs shell, you might be able to capture an
error with more information in it than the logfiles are giving you.

I wish I could be more help but SSL issues can be pretty tricky to debug :-(


   Ryan
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev