I have created a basic script which checks for an email in my inbox, and yesterday everything was working fine. But today all i get is a HTTP404 when I run the same code.
I suspect that outlook.office365.com might be throttling my requests since I ran this 1 time every minute for about 36 hours. But how can i tell if that is the case?
Here are my curl command:
curl https://outlook.office365.com/api/1.0/Me/folders/Inbox/messages -u login#email.outlook:password --insecure --show-error -H Content-Type:application/json -v
and the output:
* About to connect() to outlook.office365.com port 443 (#0)
* Trying 132.245.48.18... connected
* Connected to outlook.office365.com (132.245.48.18) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; OU=Microsoft Corporation; CN=outlook.com
* start date: 2015-02-13 00:38:15 GMT
* expire date: 2016-02-13 00:38:15 GMT
* subjectAltName: outlook.office365.com matched
* issuer: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; OU=Microsoft IT; CN=Microsoft IT SSL SHA1
* SSL certificate verify ok.
* Server auth using Basic with user 'login#email.outlook'
> GET /api/1.0/Me/folders/Inbox/messages HTTP/1.1
> Authorization: Basic Ybase64stringU=
> User-Agent: curl/7.21.3 (x86_64-pc-linux-gnu) libcurl/7.21.3 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: outlook.office365.com
> Accept: */*
> Content-Type:application/json
>
< HTTP/1.1 404 Not Found
< Content-Length: 0
< Server: Microsoft-IIS/8.0
< request-id: d7967869-c282-4a28-9da2-6b80edd7d965
< Set-Cookie: ClientId=XXQW0EIP0KK9NUIRICS8BQ; expires=Fri, 28-Oct-2016 13:04:08 GMT; path=/; secure; HttpOnly
< X-CalculatedBETarget: AM2PR09MB0452.eurprd09.prod.outlook.com
< X-BackEndHttpStatus: 404
< X-DiagInfo: AM2PR09MB0452
< X-BEServer: AM2PR09MB0452
< X-Powered-By: ASP.NET
< X-FEServer: HE1PR01CA0033
< Date: Thu, 29 Oct 2015 13:04:08 GMT
<
* Connection #0 to host outlook.office365.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
any ideas?
If you had exceeded a quota, I would expect you would receive a 429 status code. Microsoft don't usually publish an exact threshold for their services as they reserve the right to adjust them...
so users can consume the maximum number of resources without degrading the reliability and performance
(The above quote is specifically in respect of Sharepoint, but given the lack of published limits for pretty much all REST APIs I imagine the principle holds).
The 404 would usually indicate something isn't quite right... if your user account was reasonably new it could indicate it hadn't propagated to all servers yet (although in your case that doesn't seem to be the issue as you must have had the account for >24 hours).
From a URL point of view... the v1 URL is outlook.office.com/api/v1.0/me/messages and the new beat URL is outlook.office.com/api/v1.0/me/messages these addresses seem to work for me... but I get a 404 if I use the address you are using... so double-check the URL.
Related
Recently we've added more users to our system and although the bandwidth usage is still in normal bounds and and server response is in normal bounds (after the tls handshake), the tls handshake can take between 1 and 2.5 seconds. Here the time between client hello and server hello was 1.5 seconds:
13:01:49.599739 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
13:01:51.023274 * TLSv1.3 (IN), TLS handshake, Server hello (2):
We're running nodejs 16 with greenlock-express (I don't think that express or greenlock has anything to do with the handshake). Anyone have any ideas on how to find what's causing slow handshake? I noticed that after pm2 restart on the process the handshake is quick (at first), but I don't have any ideas as to why this should be:
13:20:24.977793 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
13:20:25.063494 * TLSv1.3 (IN), TLS handshake, Server hello (2):
If we look at the whole log besides the delay between client and server hello - things are running smoothly.
:~$ curl -iv --trace-time https://{server name}
13:01:49.496453 * Rebuilt URL to: https://{server name}/
13:01:49.500927 * Trying 54.73.36.16...
13:01:49.500970 * TCP_NODELAY set
13:01:49.583976 * Connected to {server name} (54.73.36.16) port 443 (#0)
13:01:49.585712 * ALPN, offering h2
13:01:49.585791 * ALPN, offering http/1.1
13:01:49.599251 * successfully set certificate verify locations:
13:01:49.599324 * CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
13:01:49.599739 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
13:01:51.023274 * TLSv1.3 (IN), TLS handshake, Server hello (2):
13:01:51.023566 * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
13:01:51.023602 * TLSv1.3 (IN), TLS handshake, Unknown (8):
13:01:51.023679 * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
13:01:51.023764 * TLSv1.3 (IN), TLS handshake, Certificate (11):
13:01:51.024257 * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
13:01:51.024312 * TLSv1.3 (IN), TLS handshake, CERT verify (15):
13:01:51.024439 * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
13:01:51.024504 * TLSv1.3 (IN), TLS handshake, Finished (20):
13:01:51.024599 * TLSv1.3 (OUT), TLS change cipher, Client hello (1):
13:01:51.024708 * TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
13:01:51.024785 * TLSv1.3 (OUT), TLS handshake, Finished (20):
13:01:51.024902 * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
13:01:51.024957 * ALPN, server accepted to use http/1.1
13:01:51.025023 * Server certificate:
13:01:51.025089 * subject: CN={server name}
13:01:51.025143 * start date: Oct 10 07:55:03 2022 GMT
13:01:51.025205 * expire date: Jan 8 07:55:02 2023 GMT
13:01:51.025273 * subjectAltName: host "{server name}" matched cert's "{server name}"
13:01:51.025341 * issuer: C=US; O=Let's Encrypt; CN=R3
13:01:51.025402 * SSL certificate verify ok.
13:01:51.025490 * TLSv1.3 (OUT), TLS Unknown, Unknown (23):
13:01:51.025584 > GET / HTTP/1.1
13:01:51.025584 > Host: {server name}
13:01:51.025584 > User-Agent: curl/7.58.0
13:01:51.025584 > Accept: */*
13:01:51.025584 >
13:01:51.139620 * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
13:01:51.139776 * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
13:01:51.139981 * TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
13:01:51.140130 * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
13:01:51.221629 * TLSv1.3 (IN), TLS Unknown, Unknown (23):
13:01:51.221752 < HTTP/1.1 200 OK
HTTP/1.1 200 OK
13:01:51.221934 < X-Powered-By: Express
X-Powered-By: Express
13:01:51.222112 < Vary: Origin
Vary: Origin
13:01:51.222265 < Accept-Ranges: bytes
Accept-Ranges: bytes
13:01:51.222428 < Cache-Control: public, max-age=0
Cache-Control: public, max-age=0
13:01:51.222564 < Last-Modified: Sun, 13 Nov 2022 13:14:39 GMT
Last-Modified: Sun, 13 Nov 2022 13:14:39 GMT
13:01:51.222687 < ETag: W/"403-1847120b218"
ETag: W/"403-1847120b218"
13:01:51.222811 < Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
13:01:51.222946 < Content-Length: 1027
Content-Length: 1027
13:01:51.223068 < Set-Cookie: connect.sid=s%3AD0KBzxmVDIb8vYcBmtdTZ6bvRF17NT1Q.1c6pkFHEoNWHl%2F4OT6bqMkm1csE; Path=/; HttpOnly
Set-Cookie: connect.sid=s%3AD0KBzxmVDIb8vYcBmtdTZ6bvRF17NT1Q.1c6pkFHEoNWbqMkm1csE; Path=/; HttpOnly
13:01:51.223192 < Date: Tue, 22 Nov 2022 11:01:50 GMT
Date: Tue, 22 Nov 2022 11:01:50 GMT
13:01:51.223316 < Connection: keep-alive
Connection: keep-alive
13:01:51.223439 < Keep-Alive: timeout=5
Keep-Alive: timeout=5
13:01:51.223567 <
<!doctype html>
In the end there was no problem with the tls handshake...
Our problem was because of a large session database. The session manager demanded a lot of cpu for this (which stole the cpu away from other things like crypto).
We noticed this when running the a cpu profile in the chrome dev tools while running the server in --inspect. I decided to answer this question instead of deleting in case someone else comes cross the same thing. If you come across a problem in the tls handshake - then take a look at what's grabbing the cpu. In our case after we cleared out the session database, the handshake became consistently quick.
How to publish apim developer portal using rest api calls throw a shell script or using this repo https://github.com/Azure/api-management-developer-portal/tree/master/scripts.v3
Method-1
Got a hint from this link
https://stackoverflow.com/questions/63796030/powershell-script-to-publish-apim-developer-portal
I tried with curl with the below request but was getting a 401 response.
curl -v -X POST apim-instance1.developer.azure-api.net/publish -H "Authorization: SharedAccessSignature <SAS token> " -H "Content-Length: 0"
Below is the response
* Trying 52.224.143.217...
* TCP_NODELAY set
* Connected to apim-instance1.developer.azure-api.net (52.224.143.217) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=*.azure-api.net
* start date: May 27 03:02:35 2021 GMT
* expire date: May 22 03:02:35 2022 GMT
* subjectAltName: host "apim-instance1.developer.azure-api.net" matched cert's "*.developer.azure-api.net"
* issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 02
* SSL certificate verify ok.
> POST /publish HTTP/1.1
> Host: apim-instance1.developer.azure-api.net
> User-Agent: curl/7.58.0
> Accept: */*
> Authorization: SharedAccessSignature ?sv=2020-08-04&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-08-16T18:31:43Z&st=2021-08-16T10:31:43Z&spr=https&sig=DH24e2dYqDRJtpmTDI%2FkXGt2p3Gt1P33YFvIOPDasB8%3D
> Content-Length: 0
>
< HTTP/1.1 401 Unauthorized
< Keep-Alive: timeout=5
< Content-Type: application/json; charset=utf-8
< ETag: W/"61-pSa4Ze4sjk2JIS8YUgBXS7akHjk"
< X-Powered-By: Express
< X-Content-Type-Options: nosniff
< X-Frame-Options: sameorigin
< X-XSS-Protection: 1; mode=block
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000;includeSubDomains;
< Date: Mon, 16 Aug 2021 11:05:27 GMT
< Content-Length: 97
<
* Connection #0 to host apim-instance1.developer.azure-api.net left intact
{"code":"Unauthorized","message":"Please ensure that Authorization header contains valid token."}
What should be the right access token to use with this bash command and where to get it from?
Method-2
Using this repo https://github.com/Azure/api-management-developer-portal/tree/master/scripts.v3, passing required values and running ./generate.sh I get below error or response
Going to upload the content in /home/devops/Downloads/api-management-developer-portal/dist/snapshot.
Importing...
Unable to complete import. Unable to upload media files. mime.getType is not a function
How can we publish apim developer portal using rest api calls throw a shell script or this
(https://github.com/Azure/api-management-developer-portal/tree/master/scripts.v3) nodejs repo scripts.
Can anyone help me over here
Method 3
Use ARM revisions API: https://learn.microsoft.com/en-us/rest/api/apimanagement/2021-01-01-preview/portal-revision/create-or-update
when loading the embed.js from Instagram (https://www.instagram.com/embed.js) the returned redirect contains a strange redirect URL (duplicate //www.instagram.com). This only occurs if I'm working on a mobile network (tested with T-Mobile and Vodafone Germany). It's fine at home with the DSL line.
curl -v4 https://www.instagram.com/embed.js
* Trying 31.13.92.174...
* TCP_NODELAY set
* Connected to www.instagram.com (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=CA; L=Menlo Park; O=Facebook, Inc.; CN=*.www.instagram.com
* start date: May 27 00:00:00 2019 GMT
* expire date: Aug 25 12:00:00 2019 GMT
* subjectAltName: host "www.instagram.com" matched cert's "www.instagram.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f8fc2007a00)
> GET /embed.js HTTP/2
> Host: www.instagram.com
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 302
< content-type: text/html; charset=utf-8
< location: https://www.instagram.com//www.instagram.com/static/bundles/metro/EmbedSDK.js/43531caab721.js
< cache-control: max-age=21600
< date: Fri, 12 Jul 2019 07:52:30 GMT
< x-fb-trip-id: 1679558926
<
* Connection #0 to host www.instagram.com left intact
I tried different HTTP versions but that didn't help. I recognized it first in a browser where the Instagram embeds didn't work when loading the page from a mobile network.
I guess I'm doing something wrong when embedding Instagram but I think I implemented the embed according to their documentation.
Can someone give me a hint?
Many thanks!
I want to make a GET request to https://www.bnro.ro/nbrfxrates.xml (the National Bank of Romania) to get the exchange rates for today.
While the XML document loads fine in the browser (tested in Safari and Chrome), it somehow fails in the terminal (checked with Node.js and curl):
$ curl -vL http://www.bnro.ro/nbrfxrates.xml
* Expire in 0 ms for 6 (transfer 0x7f8a5c009c00)
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
...
* Expire in 5 ms for 1 (transfer 0x7f8a5c009c00)
* Trying 194.102.208.89...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x7f8a5c009c00)
* Connected to www.bnro.ro (194.102.208.89) port 80 (#0)
> GET /nbrfxrates.xml HTTP/1.1
> Host: www.bnro.ro
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 14 Jun 2019 11:13:13 GMT
< Location: https://www.bnro.ro/nbrfxrates.xml
< Server: BigIP
< Content-Length: 0
< X-Cache: MISS from HS-F0
< X-Cache-Lookup: MISS from HS-F0:0
< Via: 1.1 HS-F0 (squid/3.4.8)
< Connection: keep-alive
<
* Connection #0 to host www.bnro.ro left intact
* Issue another request to this URL: 'https://www.bnro.ro/nbrfxrates.xml'
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
* Expire in 0 ms for 1 (transfer 0x7f8a5c009c00)
...
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
* Trying 194.102.208.89...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x7f8a5c009c00)
* Connected to www.bnro.ro (194.102.208.89) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* successfully set certificate verify locations:
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 1
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Both, curl and my Node.js app comaplain about the certificate.
In my Node.js script I get this error:
{ Error: unable to verify the first certificate
at TLSSocket.<anonymous> (_tls_wrap.js:1104:38)
at emitNone (events.js:105:13)
at TLSSocket.emit (events.js:207:7)
at TLSSocket._finishInit (_tls_wrap.js:638:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:468:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
I tried to use the Copy as CURL command option from Chrome, and that does not work either.
Why is this happening? How can it be fixed?
a missing certificate bundle, read more about it here https://curl.haxx.se/docs/sslcerts.html but the TL;DR is download https://curl.haxx.se/ca/cacert.pem and run
curl -vL --cacert cacert.pem http://www.bnro.ro/nbrfxrates.xml
Probably it is a misconfigured server. They used a wrong cert file (i.e, cert.pem instead of fullchain.pem). For example, if you use the "Let's encrypt" CA and python's ssl.wrap_socket you should write something like
httpd.socket = ssl.wrap_socket (httpd.socket, certfile='path/to/fullchain.pem', keyfile=path/to/privkey.pem' ,server_side=True, ssl_version=ssl.PROTOCOL_TLSv1_2)
If firefox opens the server and you cannot change the server configs and have to use curl,
then download fullchain.pem via firefox (Security->View
Certificate-> Miscellaneous -> Download PEM Chain)
Now You can use curl with this chain.
curl --cacert downloaded_chain_for_the_site.pem https://site_name.com
concatenate the CA Intermediate Certificate into your domain certificate
cat intermediate.crt >> domain.crt
ssl_certificate ssl/domain.crt; //your nginx server block
I'm running CouchDB 1.6.1 on Windows 64bit server 2012 R2, usually we use nginx to manage the SSL however this time I've attempted using CouchDB directly.
Our SSL is a GlobalSign organizational SSL and I have the cert, private key and intermediate cert from the provider. I have setup my local.ini as follow:
[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
httpsd = {couch_httpd, start_link, [https]}
[ssl]
cert_file = ../ssl/organizational.crt
key_file = ../ssl/privatekeyfile.key
; set to true to validate peer certificates
;verify_ssl_certificates = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
cacert_file = ../ssl/intermediate.crt
When I check via curl I get the following output:
curl -k -v https://companyURL.com:6984
* Rebuilt URL to: https://companyURL.com:6984/
* Hostname was NOT found in DNS cache
* Trying IP.IP.IP.IP...
* Connected to companyURL.com (IP.IP.IP.IP) port 6984 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384
* Server certificate:
* subject: C=GB; ST=LONDON; L=LONDON; OU=IT; O=COMPANY;CN=*.edge10hosted.org
* start date: 2015-03-27 14:18:04 GMT
* expire date: 2018-05-03 11:17:17 GMT
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G2
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.39.0
> Host: companyURL.com:6984
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: CouchDB/1.6.1 (Erlang OTP/R16B02)
< Date: Tue, 31 Mar 2015 13:00:39 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 151
< Cache-Control: must-revalidate
<
{"couchdb":"Welcome","uuid":"34155abcacbffc53e67a224f5f1ea7c7","version":"1.6.1","vendor":{"version":"1.6.1","name":"The Apache Software Foundation"}}
* Connection #0 to host companyURL.com left intact
And running https://www.sslshopper.com/ssl-checker.html checks out fine.
CouchDB logs show
SSL: certify: tls_connection.erl:2286:Fatal error: decode error
Any thoughts as to what the issue could be as the certificates work fine elsewhere and via nginx.