Continuent Documentation

Manual Home
Tungsten Clustering (for MySQL) 7.1 Manual
Page in Other Manuals
Tungsten Replicator 7.1 Manual
Breadcrumbs
> Tungsten Clustering (for MySQL) 7.1 Manual

       > 10. The tpm Deployment Command

       > 10.5. tpm Commands

       > 10.5.2. tpm cert Command
Chapters
Preface
1. Introduction
2. Deployment
3. Deployment: MySQL Topologies
4. Deployment: Advanced
5. Deployment: Security
6. Operations Guide
7. Tungsten Connector
8. Tungsten Manager
9. Command-line Tools
10. The tpm Deployment Command
11. Tungsten REST API (APIv2)
12. Replication Filters
13. Performance, Tuning and Testing
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
10.5.2. tpm cert Command
Parent Sections
10.5.2.1. tpm cert Usage
10.5.2.2. tpm cert {typeSpec}, Defined
10.5.2.3. {typeSpec} definitions
10.5.2.4. {passwordSpec} definitions
10.5.2.5. tpm cert: Getting Started - Basic Examples
10.5.2.6. tpm cert: Getting Started - Functional Database Cert Rotation Example
10.5.2.7. tpm cert: Getting Started - Conversion to Custom-Generated Security Files Example
10.5.2.8. tpm cert: Getting Started - Advanced Example
10.5.2.9. Using tpm cert add
10.5.2.10. Using tpm cert aliases
10.5.2.11. Using tpm cert ask
10.5.2.12. Using tpm cert backup
10.5.2.13. Using tpm cert cat
10.5.2.14. Using tpm cert changepass
10.5.2.15. Using tpm cert clean
10.5.2.16. Using tpm cert copy
10.5.2.17. Using tpm cert diff
10.5.2.18. Using tpm cert example
10.5.2.19. Using tpm cert info
10.5.2.20. Using tpm cert list
10.5.2.21. Using tpm cert gen
10.5.2.22. Using tpm cert remove
10.5.2.23. Using tpm cert rotate
10.5.2.24. Using tpm cert vi
10.5.2.21. Using tpm cert gen
Prev  ^Up10.5.2. tpm cert Command Next

10.5.2.21. Using tpm cert gen

tpm cert gen is used to generate the specified typeSpec file(s). This is the core action since the tpm cert command is designed to streamline the generation of Tungsten-specific security files for use by the tpm install and tpm update commands.

Basic examples: 

shell> tpm cert gen all
shell> tpm cert gen batch
shell> tpm cert gen mysqlcerts
shell> tpm cert gen mysqlp12
shell> tpm cert gen tungsten
shell> tpm cert gen user

Advanced examples: 

shell> tpm cert gen P12_FILE,JK,TS,CJ,CT
shell> tpm cert gen pfx2p12,JK,TS,CJ,CT
shell> tpm cert gen pfx2p1
shell> tpm cert gen pfx2key
shell> tpm cert gen pfx2crt
shell> tpm cert gen crt2pem
shell> tpm cert gen P12_FILE

In addition to the standard {typeSpec} (Execute tpm cert help typespec for a full list) the following {typeSpec}s are also available:

Table 10.11. typeSpecs for tpm cert gen

OptionDescription
all, aRuns P12_FILE,tungsten
batch, bRuns typeSpec defined in BATCH envvar, comma-separated
crt2pemRequires database cert file CRT_FILE {.crt}. Generates .pem from .crt
env, eGenerates $CONTINUENT_ROOT/share/tungsten.env
mysqlcertsRuns 'sudo mysql_ssl_rsa_setup'. See note below.
mysqlp12Generates a p12 file from the configured MySQL client cert files if they exist [client-cert.pem, client-key.pem and ca.pem]. The new file will be created in {certsdir}: $CONTINUENT_ROOT/generated/client-cert.p12
pfxRuns pfx2p12,tungsten
pfx2crtRequires database cert file PFX_FILE {.pfx}, CERT_PASS. Generates .crt from .pfx
pfx2keyRequires database cert file PFX_FILE {.pfx}, CERT_PASS. Generates .key and .key.encrypted files from .pfx file
pfx2p12Requires database cert file PFX_FILE {.pfx}, STORE_PASS, CERT_PASS optional. Runs pfx2key,pfx2crt,crt2pem,P12_FILE
tungsten, tuRuns pre-defined: tl,jg,jk,ts,cj,ct,tj,tt,pw,jm
user, uRuns user-defined: TL,JG,JK,TS,CJ,CT,TJ,TT,PW,JM

Note

CERT_PASS is optional for Tungsten because usually database client certs do not have a password See Section 5.13.2, “Configure Tungsten<>Database Secure Communication”

Note

Further detail on mysqlcerts typeSpec:

mysqlcerts runs sudo mysql_ssl_rsa_setup, please see https://dev.mysql.com/doc/refman/5.7/en/mysql-ssl-rsa-setup.html

From the above docs: "If openssl is present, mysql_ssl_rsa_setup looks for default SSL and RSA files [ca.pem,server-cert.pem, server-key.pem] in the MySQL data directory specified by the --datadir option, or the compiled-in data directory if the --datadir option is not given. If any of those files are present, mysql_ssl_rsa_setup creates no SSL files. Otherwise, it invokes openssl to create them, plus some additional files:

  • ca.pem : Self-signed CA certificate

  • ca-key.pem : CA private key

  • server-cert.pem : Server certificate

  • server-key.pem : Server private key

  • client-cert.pem : Client certificate

  • client-key.pem : Client private key

Prev Up Next
10.5.2.20. Using tpm cert list  ^Level 10.5.2.22. Using tpm cert remove
Copyright © 2016-2023 Continuent, Ltd.(800) 270-9035Terms of UsePrivacy & CookiesLegal NoticeExhibits