The official documentation has moved to http://docs.couchdb.org — The transition is not 100% complete, but http://docs.couchdb.org should be seen as having the latest info. In some cases, the wiki still has some more or older info on certain topics inside CouchDB.


CouchDB natively supports SSL from version 1.1.0 onwards, assuming your underlying Erlang/OTP install supports it.

To enable it:

1) Enable the httpsd daemon by adding the following line to your local.ini or local_dev.ini (newly generated files include this setting, but commented out):

[daemons]
httpsd = {couch_httpd, start_link, [https]}

2) Tell CouchDB about your SSL server keys (PEM encoded):

[ssl]
cert_file = /full/path/to/server_cert.pem
key_file = /full/path/to/server_key.pem
;port = 6984

On Windows, the path format needs to be one of the following:

3) Restart CouchDB.

CouchDB should now accept SSL connections on, by default, port 6984.
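
Before the restart in step 3, the settings from steps 1 and 2 can be checked offline. The Python script below is an added example, not part of CouchDB or of the original wiki page; the function name check_couchdb_ssl is hypothetical, and POSIX paths and file modes are assumed.

```python
import configparser
import os
import ssl

# PEM header fragment expected in each file named in the [ssl] section.
PEM_MARKERS = {"cert_file": "CERTIFICATE-----", "key_file": "PRIVATE KEY-----"}


def check_couchdb_ssl(ini_path):
    """Return a list of problems with the SSL settings in a CouchDB ini file."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read(ini_path)  # lines starting with ';' are treated as comments
    problems = []

    # Step 1: the httpsd daemon line must be present and not commented out.
    if "https" not in cfg.get("daemons", "httpsd", fallback=""):
        problems.append("daemons/httpsd is missing or commented out")

    # Step 2: cert_file and key_file must be full paths to PEM files.
    paths = {}
    for opt, marker in PEM_MARKERS.items():
        path = cfg.get("ssl", opt, fallback="")
        if not os.path.isabs(path):
            problems.append(f"ssl/{opt} is not a full path")
        elif not os.path.isfile(path):
            problems.append(f"ssl/{opt} does not exist: {path}")
        else:
            with open(path, errors="replace") as fh:
                text = fh.read()
            if "-----BEGIN " not in text or marker not in text:
                problems.append(f"ssl/{opt} does not look PEM encoded")
            paths[opt] = path

    # The private key should be accessible to the CouchDB user only (POSIX modes).
    if "key_file" in paths and os.stat(paths["key_file"]).st_mode & 0o077:
        problems.append("ssl/key_file is accessible by group or others")

    # Only when everything above passed: let OpenSSL confirm the pair matches.
    # An encrypted key makes OpenSSL prompt for its passphrase here.
    if not problems:
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(
                paths["cert_file"], paths["key_file"])
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            problems.append(f"cert_file and key_file do not load as a pair: {exc}")
    return problems
```

An empty list means the daemon line is active, both files are PEM, the key is not exposed to other users, and the certificate and key belong together.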

Troubleshooting

To ensure that the issue is not with your certificates, use the test ones from MochiWeb, and test from the command line using:

curl -k -v https://127.0.0.1:6984/

You can test your certificates separately using:

openssl s_server -key <keyfile> -cert <certfile> -www
curl -k -v https://localhost:4433/

Notes

Current Erlang/OTP releases at R15B02 or earlier have a variety of minor issues cropping up with SSL. If your usage is expected to be heavy, you may wish to consider putting an SSL wrapper (e.g. stunnel or haproxy) or a reverse / front-end proxy (such as nginx or apache2) in place.

How_to_enable_SSL (last edited 2012-11-14 08:48:47 by DaveCottlehuber)