
Create an SSL certificate for CouchDB

OpenSSL is required to create an SSL certificate. You first generate a certificate request, which can then be sent to a certificate authority (CA) to be signed into a certificate. If you have your own certificate authority, you can sign it yourself. You can also use a self-signed certificate, either because you only want a test certificate or because you are setting up your own CA.

NOTE: OpenSSL will typically already be installed on Linux and Mac OS X. If not installed, install it manually using your operating system’s package manager.

Follow the steps below:

  • Generate a new private key:

      $ sudo openssl genrsa -out /opt/bitnami/couchdb/etc/server.key 2048
    
  • Create a certificate request (cert.csr):

      $ sudo openssl req -new -key /opt/bitnami/couchdb/etc/server.key -out /opt/bitnami/couchdb/etc/cert.csr
    

    IMPORTANT: Enter the server domain name when the above command asks for the “Common Name”.

  • Send cert.csr to the certificate authority. Once the certificate authority has completed its checks (and probably received payment from you), it will hand over your new certificate.

  • Until the certificate is received, create a temporary self-signed certificate:

      $ sudo openssl x509 -in /opt/bitnami/couchdb/etc/cert.csr -out /opt/bitnami/couchdb/etc/server.crt -req -signkey /opt/bitnami/couchdb/etc/server.key -days 365
    
  • Back up your private key in a safe location after generating a password-protected version as follows:

      $ sudo openssl rsa -des3 -in /opt/bitnami/couchdb/etc/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the CouchDB configuration file, it will be necessary to enter the password manually every time CouchDB starts. Regenerate the key without password protection from this file as follows:

      $ sudo openssl rsa -in privkey.pem -out /opt/bitnami/couchdb/etc/server.key
    
  • Change the ownership of the certificate and the private key files so that both are readable by the CouchDB service:

      $ sudo chown couchdb /opt/bitnami/couchdb/etc/server.crt /opt/bitnami/couchdb/etc/server.key
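
A check worth running before pointing CouchDB at these files, as an added example that is not part of the original guide: it confirms that the request and the certificate were made from server.key, that the Common Name is the expected domain, that the certificate has not expired, and that the key is not readable by other users. The function names and the domain couchdb.example.test are assumptions made for illustration, and the sample files are constructed in a temporary directory rather than under /opt/bitnami.

```shell
#!/bin/sh
# Added example: consistency checks for server.key, cert.csr and server.crt.

# Public key (PEM) carried by a private key, a CSR, or a certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeed only if both files carry the same public key.
key_matches_csr()  { p=$(pub_of_key "$1") && [ -n "$p" ] && [ "$p" = "$(pub_of_csr "$2")" ]; }
key_matches_cert() { p=$(pub_of_key "$1") && [ -n "$p" ] && [ "$p" = "$(pub_of_cert "$2")" ]; }

# Print the Common Name from the certificate subject.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed if group and others have no permission bits on the key file.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Run every check, print one line per finding, return the number of failures.
check_tls_files() {   # args: KEY CSR CERT EXPECTED_CN
    fails=0
    key_matches_csr  "$1" "$2" || { echo "FAIL: request was not made from this key"; fails=$((fails+1)); }
    key_matches_cert "$1" "$3" || { echo "FAIL: certificate does not match key"; fails=$((fails+1)); }
    [ "$(cert_cn "$3")" = "$4" ] || { echo "FAIL: Common Name is not $4"; fails=$((fails+1)); }
    openssl x509 -in "$3" -noout -checkend 0 >/dev/null || { echo "FAIL: certificate has expired"; fails=$((fails+1)); }
    key_is_private "$1" || { echo "FAIL: key is accessible to group or others"; fails=$((fails+1)); }
    [ "$fails" -eq 0 ] && echo "OK: key, request and certificate are consistent"
    return "$fails"
}

# Build constructed sample files with the same commands as the steps above.
make_demo_files() {   # arg: scratch directory
    ( umask 077
      openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
      openssl req -new -key "$1/server.key" -subj "/CN=couchdb.example.test" -out "$1/cert.csr" &&
      openssl x509 -req -in "$1/cert.csr" -signkey "$1/server.key" -days 365 \
          -out "$1/server.crt" 2>/dev/null )
}

# Stand-alone run on the constructed files.
demo=$(mktemp -d) && make_demo_files "$demo" &&
    check_tls_files "$demo/server.key" "$demo/cert.csr" "$demo/server.crt" couchdb.example.test
rm -rf "$demo"
```

To check the real files, call check_tls_files with the paths used in the steps above and your server's domain name, running it as a user that can read server.key.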
    

Find more information about certificates at http://www.openssl.org.

Last modification December 21, 2022