Continuent Documentation

Manual Home
Tungsten Clustering (for MySQL) 7.0 Manual
Page in Other Manuals
Tungsten Replicator 7.1 Manual
Tungsten Replicator 8.0 Manual
Tungsten Clustering (for MySQL) 7.1 Manual
Tungsten Replicator 6.1 Manual
Tungsten Clustering (for MySQL) 6.1 Manual
Tungsten Replicator 7.0 Manual
Tungsten Clustering (for MySQL) 8.0 Manual
Breadcrumbs
> Tungsten Clustering (for MySQL) 7.0 Manual

       > 5. Deployment: Security
Chapters
Preface
1. Introduction
2. Deployment
3. Deployment: MySQL Topologies
4. Deployment: Advanced
5. Deployment: Security
6. Operations Guide
7. Tungsten Connector
8. Tungsten Manager
9. Command-line Tools
10. The tpm Deployment Command
11. Tungsten REST APIv2
12. Replication Filters
13. Performance, Tuning and Testing
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
Navigate Up
5. Deployment: Security
Parent Sections
5.1. Enabling Security
5.2. Disabling Security
5.3. Creating Suitable Certificates
5.4. Installing from a Staging Host with Custom Certificates
5.5. Installing via INI File with Custom Certificates
5.6. Installing via INI File with CA-Signed Certificates
5.7. Replacing the JGroups Certificate from a Staging Directory
5.8. Replacing the TLS Certificate from a Staging Directory
5.9. Removing JGroups Encryption from a Staging Directory
5.10. Removing JGroups Encryption via INI File
5.11. Removing TLS Encryption from a Staging Directory
5.12. Removing TLS Encryption via INI File
5.13. Enabling Tungsten<>Database Security
5.3. Creating Suitable Certificates
Prev  ^UpChapter 5. Deployment: Security Next

5.3. Creating Suitable Certificates

5.3.1. Creating Tungsten Internal Certificates Manually

By default, tpm can automatically create suitable certificates and configuration for use in your deployment. To create the required certificates by hand, use one of the following procedures.

5.3.1. Creating Tungsten Internal Certificates Manually

To manually generate the security files, use the steps below:

  • Generating a JGroups Certificate

    Run this command to create the keystore in /etc/tungsten/secure. You may use your own location, but the values for -storepass and -keypass must be identical. 

    shell> keytool -genseckey -alias jgroups \
-validity 3650 \
-keyalg Blowfish -keysize 56 -keystore /etc/tungsten/secure/tungsten_jgroups_keystore.jceks \
-storepass mykeystorepass -keypass mykeystorepass \
-storetype JCEKS

  • Generating a TLS Certificate

    Run this command to create the keystore in /etc/tungsten/secure. You may use your own location, but the values for -storepass and -keypass must match. 

    shell> keytool -genkey -alias tls \
-validity 3650 \
-keyalg RSA -keystore /etc/tungsten/secure/tungsten_tls_keystore.jks \
-dname "cn=Continuent, ou=IT, o=Continuent, c=US" \
-storepass mykeystorepass -keypass mykeystorepass
Prev Up Next
5.2. Disabling Security  ^Level 5.4. Installing from a Staging Host with Custom Certificates
Copyright © 2025 Continuent, Ltd.1 (415) 529-4901Terms of UsePrivacy & CookiesLegal NoticeExhibits