Enabling SSL for CouchDB v1.1

Having installed CouchDB v1.1 I wanted to take advantage of its native support for SSL. I found instructions at couchbase.org and on wiki.apache.org which got me through editing etc/couchdb/local.ini. Uncomment and edit lines in the [daemons] and [ssl] sections to look something like this:

[daemons]
; enable SSL support by uncommenting the following line and supply the PEM's below.
; the default ssl port CouchDB listens on is 6984
httpsd = {couch_httpd, start_link, [https]}

[ssl]
cert_file = /var/lib/couchdb/build-couchdb/build/etc/ssl/couch_cert.pem
key_file = /var/lib/couchdb/build-couchdb/build/etc/ssl/couch_key.pem

The most difficult part proved to be generating the required private key and self-signed certificate. couchbase.org has instructions, but they didn’t work for me. I followed openssl’s keys.txt to generate a non-password-protected private key, and certificates.txt to create a test certificate self-signed using the private key.

openssl genrsa -out couch_key.pem 4096
openssl req -new -x509 -key couch_key.pem -out couch_cert.pem -days 1095

Restart CouchDB and test with curl:

sudo /etc/init.d/couchdb-1.1.0 restart
curl -k https://atom:6984/
# expect: {"couchdb":"Welcome","version":"1.1.0"}

The troubleshooting tips on wiki.apache.org were helpful, in particular the suggestion to test using a known good private key and certificate from MochiWeb.
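
As an added example (not from the original post), the key and certificate steps above can be scripted non-interactively and checked before the restart. The function names are hypothetical; the host name atom, port 6984 and file names follow the post.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the host name "atom", port 6984 and file names follow the post.

# Create an unencrypted RSA key that only its owner can read, then a
# self-signed certificate whose CN is the host name clients connect to.
make_couch_cert() {  # usage: make_couch_cert <dir> <hostname> [bits]
    dir=$1; host=$2; bits=${3:-4096}
    ( umask 077 && openssl genrsa -out "$dir/couch_key.pem" "$bits" 2>/dev/null ) || return 1
    openssl req -new -x509 -key "$dir/couch_key.pem" -out "$dir/couch_cert.pem" \
        -days 1095 -subj "/CN=$host"
}

# Succeed only if the certificate carries the public key of this private key.
key_matches_cert() {  # usage: key_matches_cert <key.pem> <cert.pem>
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the key file mode is exactly 0600 (owner read/write only).
key_is_private() {  # usage: key_is_private <key.pem>
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Print the CN from the certificate subject.
cert_cn() {  # usage: cert_cn <cert.pem>
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# Succeed only if the certificate is still valid <days> from now.
cert_valid_for_days() {  # usage: cert_valid_for_days <cert.pem> <days>
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Query CouchDB while trusting only this certificate, instead of turning
# verification off with -k. The URL host must match the certificate CN.
check_couch_tls() {  # usage: check_couch_tls <cert.pem> <hostname>
    curl --silent --show-error --cacert "$1" "https://$2:6984/"
}
```

The first five functions run offline; check_couch_tls needs the restarted server and fails if the server presents any other certificate.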
