Enabling SSL for CouchDB v1.1

Having installed CouchDB v1.1, I wanted to take advantage of its native support for SSL. I found instructions at couchbase.org and on wiki.apache.org which got me through editing etc/couchdb/local.ini. Uncomment and edit lines in the [daemons] and [ssl] sections to look something like this:

[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
httpsd = {couch_httpd, start_link, [https]}

[ssl]
cert_file = /var/lib/couchdb/build-couchdb/build/etc/ssl/couch_cert.pem
key_file = /var/lib/couchdb/build-couchdb/build/etc/ssl/couch_key.pem

The most difficult part proved to be generating the required private key and self-signed certificate. couchbase.org has instructions, but they didn’t work for me. I followed openssl’s keys.txt to generate a non-password-protected private key, and certificates.txt to create a test certificate self-signed using the private key.

openssl genrsa -out couch_key.pem 4096
openssl req -new -x509 -key couch_key.pem -out couch_cert.pem -days 1095

Restart couchdb and test with curl:

sudo /etc/init.d/couchdb-1.1.0 restart
curl -k https://atom:6984/
# expect: {"couchdb":"Welcome","version":"1.1.0"}

The troubleshooting tips on wiki.apache.org were helpful, in particular the suggestion to test using a known good private key and certificate from MochiWeb.
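
The key generated above has no passphrase and the certificate is self-signed, so two checks are worth running before restarting: that the certificate really belongs to the key, and that the key file is readable only by its owner. The script below is an added example, not part of the original post; the function names and the use of the host name as the certificate CN are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI is on PATH.

# make_couch_tls DIR HOST [BITS]
# Runs the two openssl commands from the post non-interactively.
# Using HOST as the certificate CN is an assumption of this example.
make_couch_tls() {
    dir=$1; host=$2; bits=${3:-4096}
    # The key has no passphrase, so create it owner-only from the start.
    ( umask 077; openssl genrsa -out "$dir/couch_key.pem" "$bits" 2>/dev/null ) || return 1
    openssl req -new -x509 -key "$dir/couch_key.pem" -out "$dir/couch_cert.pem" \
        -days 1095 -subj "/CN=$host" 2>/dev/null
}

# cert_matches_key CERT KEY
# Succeeds only if the public key in CERT is the one derived from KEY.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_is_private KEY
# Succeeds only if KEY is a regular file with mode rw------- (0600).
# It does not check the owner; that must be the account CouchDB runs as.
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# check_couch_tls DIR
# Prints "ok" or the first problem found with the pair in DIR.
check_couch_tls() {
    cert_matches_key "$1/couch_cert.pem" "$1/couch_key.pem" \
        || { echo "cert/key mismatch"; return 1; }
    key_is_private "$1/couch_key.pem" \
        || { echo "key readable by others"; return 2; }
    echo "ok"
}
```

Because the certificate's CN matches the host name, the client can then verify the server against it with `curl --cacert couch_cert.pem https://atom:6984/` instead of disabling verification with `-k`.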

