CouchDB natively supports SSL from version 1.1.0 onwards, provided your underlying Erlang/OTP install supports it.

To enable it:

1) Enable the httpsd daemon by adding the following line to your local.ini or local_dev.ini (newly generated files include this setting, but commented out):

[daemons]
httpsd = {couch_httpd, start_link, [https]}

2) Tell CouchDB about your SSL server keys (PEM encoded):

[ssl]
cert_file = /full/path/to/server_cert.pem
key_file = /full/path/to/server_key.pem
;port = 6984

On Windows, the path format needs to be one of the following:

3) Restart CouchDB.

CouchDB should now accept SSL connections, by default on port 6984.
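
A pre-flight check for steps 1 and 2, as an added example that is not part of the original page or of CouchDB: it parses the text of a local.ini and reports an httpsd line that is still commented out, cert_file / key_file values that are unset, not full paths or missing on disk, and files that do not carry PEM markers. The function names, the sample text and the key-file permission check (POSIX mode bits only) are assumptions made here.

```python
import configparser
import os
import stat

# Constructed sample mirroring the settings shown above (paths are placeholders).
SAMPLE_INI = """\
[daemons]
httpsd = {couch_httpd, start_link, [https]}

[ssl]
cert_file = /full/path/to/server_cert.pem
key_file = /full/path/to/server_key.pem
;port = 6984
"""


def _check_pem(path, marker, label, problems):
    """Check one configured PEM file and append any findings to problems."""
    if not path:
        problems.append(f"[ssl] {label} is not set")
        return
    if not os.path.isabs(path):
        problems.append(f"{label} is not a full path: {path}")
    if not os.path.isfile(path):
        problems.append(f"{label} does not exist: {path}")
        return
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    if "-----BEGIN" not in text or marker not in text:
        problems.append(f"{label} is not PEM or holds the wrong object: {path}")


def check_couchdb_ssl(ini_text):
    """Return a list of problems found in the HTTPS settings of a local.ini."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(ini_text)  # lines starting with ';' are treated as comments
    problems = []
    httpsd = cfg.get("daemons", "httpsd", fallback="")
    if "couch_httpd" not in httpsd or "https" not in httpsd:
        problems.append("[daemons] httpsd is missing or still commented out")
    cert = cfg.get("ssl", "cert_file", fallback="")
    key = cfg.get("ssl", "key_file", fallback="")
    _check_pem(cert, "CERTIFICATE-----", "cert_file", problems)
    _check_pem(key, "PRIVATE KEY-----", "key_file", problems)
    # Added hardening check (not from the page): key readable by group/other.
    if key and os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        problems.append(f"key_file is readable by group/other: {key}")
    return problems
```

Call check_couchdb_ssl(open("local.ini").read()) before restarting CouchDB; an empty list means the settings from steps 1 and 2 are in place and point at PEM files.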

Troubleshooting

To ensure that the issue is not with your certificates, use the test ones from MochiWeb, and test from the command line using:

curl -k -v https://127.0.0.1:6984/

You can test your certificates separately using:

openssl s_server -key <keyfile> -cert <certfile> -www
curl -k -v https://localhost:4433/

Notes

Erlang/OTP releases at R15B02 or earlier have a variety of minor issues with SSL. If you expect heavy usage, you may wish to put an SSL wrapper (e.g. stunnel or haproxy) or a reverse / front-end proxy (such as nginx or apache2) in place instead.

How_to_enable_SSL (last edited 2012-11-14 08:48:47 by chello084112019176)