2.7. Deploying SSL Secured Replication and Administration

Continuent Tungsten supports encrypted communication between replication hosts.
SSL can be employed at two different levels within the configuration:
encryption of the THL communication channel used to transfer database
events, and encryption (and implied authentication) of the JMX remote method
invocation (RMI) used to administer services remotely within Continuent Tungsten.

To use SSL you must be using a Java Runtime Environment or Java Development
Kit 1.5 or later. SSL is implemented through the
socket interface class.

You will also need an SSL certificate. These can either be self-generated or
obtained from an official signing authority. The certificates themselves
must be stored within a Java keystore and truststore. To create your
certificates and add them to the keystore or truststore, see
Section 2.7.1, “Creating the Truststore and Keystore”. Instructions are provided for
self-generated, self-signed, and officially signed versions of the necessary

For JMX RMI authentication, a password file and authentication definition
must also be generated. This information is required by the JMX system to
support the authentication and encryption process. See
Section 2.7.2, “SSL and Administration Authentication” for more information.

Once the necessary files are available, use tpm to install with the SSL
configuration, or to update an existing installation with it.
See Section 2.7.3, “Configuring the Secure Service through tpm”.
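
The keystore and truststore required above, built for the self-signed case with the JDK's keytool. This is an added example, not the procedure from Section 2.7.1; the file names, alias, CN and the STORE_PASS/TRUST_PASS environment variables are assumptions.

```shell
#!/bin/sh
# Added example: a self-signed keystore plus a truststore that holds only the
# public certificate. File names, alias and CN are assumptions.
# Passwords are read from environment variables (keytool's :env modifier) so
# they do not appear in the process list or in shell history.

KT_LANG=-J-Duser.language=en    # keep keytool output in English for grep

# make_stores DIR ALIAS CN   (STORE_PASS and TRUST_PASS must be exported)
# Runs in a subshell so the umask change does not leak into the caller.
make_stores() (
    dir=$1 alias=$2 cn=$3
    umask 077                   # keystore holds the private key: owner-only
    # 1. Key pair and self-signed certificate go into the keystore.
    keytool $KT_LANG -genkeypair -alias "$alias" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=$cn" -keystore "$dir/keystore.jks" \
        -storepass:env STORE_PASS -keypass:env STORE_PASS \
        >/dev/null 2>&1 || exit 1
    # 2. Export the public certificate only (PEM).
    keytool $KT_LANG -exportcert -rfc -alias "$alias" \
        -file "$dir/$alias.pem" -keystore "$dir/keystore.jks" \
        -storepass:env STORE_PASS >/dev/null 2>&1 || exit 1
    # 3. Import that certificate into a separate truststore.
    keytool $KT_LANG -importcert -noprompt -alias "$alias" \
        -file "$dir/$alias.pem" -keystore "$dir/truststore.jks" \
        -storepass:env TRUST_PASS >/dev/null 2>&1 || exit 1
)

# count_entries STORE PASS_VAR_NAME ENTRY_TYPE
# Prints how many entries of the given type the store contains.
count_entries() {
    keytool $KT_LANG -list -keystore "$1" -storepass:env "$2" 2>/dev/null \
        | grep -c "$3" || true
}

# truststore_ok STORE PASS_VAR_NAME
# Succeeds only if the store has trusted certificates and no private key.
# Run this before copying a truststore to other hosts.
truststore_ok() {
    [ "$(count_entries "$1" "$2" PrivateKeyEntry)" -eq 0 ] &&
    [ "$(count_entries "$1" "$2" trustedCertEntry)" -ge 1 ]
}

# Usage (hypothetical host name):
#   export STORE_PASS=... TRUST_PASS=...
#   make_stores /path/to/dir replicator db1.example.test
#   truststore_ok /path/to/dir/truststore.jks TRUST_PASS
```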

Although not strictly required for installation, it may be useful to have
the OpenSSL package installed. This contains a number of tools and
utilities for dealing with certificate authority and general SSL