Configuring SSL

One of the core features of Couchbase Server is support for encryption of data over the wire between the client and the cluster. This is done through Secure Socket Layer (SSL) encryption. You can use SSL to secure the data that moves between your application and the cluster.

To use SSL you need to install an SSL certificate obtained form Couchbase Server on your application server and then configure the client.

Installing the SSL certificate

To obtain and install the SSL certificate:

  1. Open a browser and navigate to the Couchbase Administration Console of the cluster you want your client to connect to.
  2. Click Settings > Cluster.
  3. In the Configuration section, click Show to display the certificate.
  4. Copy the entire content of the certificate and store it in a file with a .crt extension on the application server you want to install the certificate on.
  5. After you have the certificate on the application server, you need to import it into the local computer certificate store. On Windows, you can do this by using the certificate MMC snap-in: certlm.
  6. Under the Trusted Root Certification Authorities root node, right-click Certificates > Import.
  7. Follow the wizard to import the certificate you stored on disk.

Configuring the client

After you have the certificate installed on your application server, to enable SSL on the client either set the UseSsl property on the ClientConfiguration or BucketConfiguration to true. Alternatively, you can set the UseSsl property within your Web.Config or App.Config if you are not doing your configuration programmatically.