By default, tpm can automatically create suitable certificates and configuration for use in your deployment. To create the required certificates by hand, use one of the following procedures.
Available as of Version 7.1.0, the tpm cert command will perform the generation steps for you.
Generating a JGroups Certificate
Run this command to create the JGroups keystore
tungsten_jgroups_keystore.jceks
in
$CONTINUENT_ROOT/generated
. You may use your
own location, please see
Section 10.5.2.8, “tpm cert: Getting Started - Advanced Example” for
the steps required to do so.
## Perform a dry run generation of the file shell>tpm cert gen jgroups_keystore --dryrun
## Perform a dry run generation of the file, using the shorter syntax, same as above shell>tpm cert gen jg -n
## Generate the file, displaying the command executed with -x shell>tpm cert gen jg -x
Generating a TLS Certificate
Run this command to create the TLS keystore
tungsten_tls_keystore.jks
in
$CONTINUENT_ROOT/generated
. You may use your
own location, please see
Section 10.5.2.8, “tpm cert: Getting Started - Advanced Example” for
the steps required to do so.
## Perform a dry run generation of the file shell>tpm cert gen tls_keystore --dryrun
## Perform a dry run generation of the file, using the shorter syntax, same as above shell>tpm cert gen tls -n
## Generate the file, displaying the command executed with -x shell>tpm cert gen tls -x
To manually generate the security files, use the steps below:
Generating a JGroups Certificate
Run this command to create the keystore in
/etc/tungsten/secure
. You may use your own
location, but the values for
-storepass
and
-keypass
must be identical.
shell> keytool -genseckey -alias jgroups \
-validity 3650 \
-keyalg Blowfish -keysize 56 -keystore /etc/tungsten/secure/tungsten_jgroups_keystore.jceks \
-storepass mykeystorepass -keypass mykeystorepass \
-storetype JCEKS
Generating a TLS Certificate
Run this command to create the keystore in
/etc/tungsten/secure
. You may use your own
location, but the values for
-storepass
and
-keypass
must match.
shell> keytool -genkey -alias tls \
-validity 3650 \
-keyalg RSA -keystore /etc/tungsten/secure/tungsten_tls_keystore.jks \
-dname "cn=Continuent, ou=IT, o=Continuent, c=US" \
-storepass mykeystorepass -keypass mykeystorepass