Table of Contents
- 5.1. Enabling Security
- 5.2. Disabling Security
- 5.3. Creating Suitable Certificates
- 5.4. Installing from a Staging Host with Custom Certificates
- 5.5. Installing via INI File with Custom Certificates
- 5.6. Installing via INI File with CA-Signed Certificates
- 5.7. Replacing the JGroups Certificate from a Staging Directory
- 5.8. Replacing the TLS Certificate from a Staging Directory
- 5.9. Removing JGroups Encryption from a Staging Directory
- 5.10. Removing JGroups Encryption via INI File
- 5.11. Removing TLS Encryption from a Staging Directory
- 5.12. Removing TLS Encryption via INI File
- 5.13. Enabling Tungsten<>Database Security
Tungsten Cluster supports SSL, TLS and certificates for both communication and authentication for all components within the system. This security is disabled by default and includes:
Authentication between command-line tools (cctrl), and between background services.
SSL/TLS between command-line tools and background services.
SSL/TLS between Tungsten Replicator and datasources.
SSL/TLS between Tungsten Connector and datasources.
File permissions and access by all components.
The following graphic provides a visual representation of the various communication channels which may be encrypted.
For the key to the above diagram, please see ???.
If you are using a single staging directory to handle your complete installation, tpm will automatically create the necessary certificates for you. If you are using an INI based installation, then the installation process will create the certificates for you, however you will need to manually sync them between hosts prior to starting the various components.
Important
Due to a known issue in earlier Java revisions that may cause performance degradation with client connections, it is strongly advised that you ensure your Java version is one of the following MINIMUM releases before enabling SSL:
- Oracle JRE 8 Build 261
- Oracle JRE 11 Build 8
- OpenJDK 8 Build 222