Continuent Documentation

Manual Home
Tungsten Clustering (for MySQL) 7.0 Manual
Page in Other Manuals
Tungsten Replicator 7.0 Manual
Breadcrumbs
> Tungsten Clustering (for MySQL) 7.0 Manual

       > 5. Deployment: Security
Chapters
Preface
1. Introduction
2. Deployment
3. Deployment: MySQL Topologies
4. Deployment: Advanced
5. Deployment: Security
6. Operations Guide
7. Tungsten Connector
8. Tungsten Manager
9. Command-line Tools
10. The tpm Deployment Command
11. Tungsten REST API (APIv2)
12. Replication Filters
13. Performance, Tuning and Testing
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
5. Deployment: Security
Parent Sections
5.1. Enabling Security
5.2. Disabling Security
5.3. Creating Suitable Certificates
5.4. Installing from a Staging Host with Manually Generated Certificates
5.5. Installing via INI File with Manually Generated Certificates
5.6. Installing via INI File with CA-Signed Certificates
5.7. Replacing the JGroups Certificate from a Staging Directory
5.8. Replacing the TLS Certificate from a Staging Directory
5.9. Removing JGroups Encryption from a Staging Directory
5.10. Removing JGroups Encryption via INI File
5.11. Removing TLS Encryption from a Staging Directory
5.12. Removing TLS Encryption via INI File
5.13. Configuring Connector SSL
5.14. Enabling Database SSL
5.15. Configure Tungsten<>Database Secure Communication
5.3. Creating Suitable Certificates
Prev  ^UpChapter 5. Deployment: Security Next

5.3. Creating Suitable Certificates

By default, tpm can automatically create suitable certificates and configuration for use in your deployment. To create the required certificates by hand, use the following steps:

  • Generating a JGroups Certificate

    Run this command to create the keystore in /etc/tungsten/secure. You may use your own location, but the values for -storepass and -keypass must match. 

    shell> keytool -genseckey -alias jgroups \
  -validity 365 \
  -keyalg Blowfish -keysize 56 -keystore /etc/tungsten/secure/jgroups.jceks \
  -storepass mykeystorepass -keypass mykeystorepass \
  -storetype JCEKS

  • Generating a TLS Certificate

    Run this command to create the keystore in /etc/tungsten/secure. You may use your own location, but the values for -storepass and -keypass must match. 

    shell> keytool -genkey -alias tls \
  -validity 365 \
  -keyalg RSA -keystore /etc/tungsten/secure/tls.jks \
  -dname "cn=Continuent, ou=IT, o=Continuent, c=US" \
  -storepass mykeystorepass -keypass mykeystorepass
Prev Up Next
5.2. Disabling Security  ^Level 5.4. Installing from a Staging Host with Manually Generated Certificates
Copyright © 2021 Continuent, Ltd.(800) 270-9035Terms of UsePrivacy & CookiesLegal NoticeExhibits