Skip to main content
Tungsten Clustering

Installing with Custom Certificates

Follow the steps in "Creating Suitable Certificates" to create JGroups and TLS certificates.

Depending on your method of installation (INI vs. Staging) follow the appropriate section below for the steps to use the customer certificates.

INI File with Manually-Generated Certificates

  1. Transfer the generated certificates to the same path on all hosts.

  2. Update your configuration to specify these certificates and the keystore password:

    java-tls-keystore-path=/etc/tungsten/secure/tungsten_tls_keystore.jks
    java-jgroups-keystore-path=/etc/tungsten/secure/tungsten_jgroups_keystore.jceks
    java-keystore-password=mykeystorepass

INI File with Certificates generated by tpm cert

Version availability

Available in 7.1.0 and later.

Available as of Version 7.1.0, the tpm cert command can perform the generation steps for you.

The files generated by tpm cert will be located in the $CONTINUENT_ROOT/generated directory by default.

  1. Transfer the generated certificates to the same path on all hosts using your preferred method.

    Available as of Version 7.1.0, the tpm copy command can copy the generated files to all hosts for you if you have password-less SSH configured to all nodes.

    ## Perform a dry-run pass (-n) to test SSH
    ## and display the commands that would have been run
    ## to copy the generated files
    shell> tpm copy --gen -n

    ## Copy the generated files
    ## and display the command executed (-x)
    shell> tpm copy --gen -x

  2. Update your configuration to specify these certificates and the keystore password:

    java-tls-keystore-path=/opt/continuent/generated/tungsten_tls_keystore.jks
    java-jgroups-keystore-path=/opt/continuent/generated/tungsten_jgroups_keystore.jceks
    java-keystore-password=mykeystorepass

Staging Host with Manually-Generated Certificates

shell> tools/tpm configure SERVICE \
  --java-tls-keystore-path=/etc/tungsten/secure/tungsten_tls_keystore.jks \
  --java-jgroups-keystore-path=/etc/tungsten/secure/tungsten_jgroups_keystore.jceks \
  --java-keystore-password=mykeystorepass

Staging Host with Certificates generated by tpm cert

Version availability

Available in 7.1.0 and later.

Available as of Version 7.1.0, the tpm cert command can perform the generation steps for you.

The files generated by tpm cert will be located in the $CONTINUENT_ROOT/generated directory by default.

shell> tools/tpm configure SERVICE \
  --java-tls-keystore-path=/opt/continuent/generated/tungsten_tls_keystore.jks \
  --java-jgroups-keystore-path=/opt/continuent/generated/tungsten_jgroups_keystore.jceks \
  --java-keystore-password=mykeystorepass