Continuent Documentation

Manual Home
Tungsten Replicator 6.1 Manual
Page in Other Manuals
Tungsten Clustering (for MySQL) 6.1 Manual
Breadcrumbs
> Tungsten Replicator 6.1 Manual

       > 9. The tpm Deployment Command

       > 9.5. tpm Commands

       > 9.5.2. tpm cert Command
Chapters
Preface
1. Introduction
2. Deployment Overview
3. Deploying MySQL Extractors
4. Deploying Appliers
5. Deployment: Advanced
6. Deployment: Security
7. Operations Guide
8. Command-line Tools
9. The tpm Deployment Command
10. Replication Filters
11. Performance and Tuning
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
9.5.2. tpm cert Command
Parent Sections
9.5.2.1. tpm cert: Getting Started - Basic Examples
9.5.2.2. tpm cert: Getting Started - Functional Database Cert Rotation Example
9.5.2.3. tpm cert: Getting Started - Conversion to Custom-Generated Security Files Example
9.5.2.4. tpm cert: Getting Started - Advanced Example
9.5.2.5. Using tpm cert add
9.5.2.6. Using tpm cert aliases
9.5.2.7. Using tpm cert ask
9.5.2.8. Using tpm cert backup
9.5.2.9. Using tpm cert cat
9.5.2.10. Using tpm cert changepass
9.5.2.11. Using tpm cert clean
9.5.2.12. Using tpm cert copy
9.5.2.13. Using tpm cert diff
9.5.2.14. Using tpm cert example
9.5.2.15. Using tpm cert info
9.5.2.16. Using tpm cert list
9.5.2.17. Using tpm cert gen
9.5.2.18. Using tpm cert remove
9.5.2.19. Using tpm cert rotate
9.5.2.20. Using tpm cert vi
9.5.2.17. Using tpm cert gen
Prev  ^Up9.5.2. tpm cert Command Next

9.5.2.17. Using tpm cert gen

tpm cert gen is used to generate the specified typeSpec file(s). This is the core action since the tpm cert command is designed to streamline the generation of Tungsten-specific security files for use by the tpm install and tpm update commands.

Basic examples: 

shell> tpm cert gen all
shell> tpm cert gen batch
shell> tpm cert gen mysqlcerts
shell> tpm cert gen mysqlp12
shell> tpm cert gen tungsten
shell> tpm cert gen user

Advanced examples: 

shell> tpm cert gen P12_FILE,JK,TS,CJ,CT
shell> tpm cert gen pfx2p12,JK,TS,CJ,CT
shell> tpm cert gen pfx2p1
shell> tpm cert gen pfx2key
shell> tpm cert gen pfx2crt
shell> tpm cert gen crt2pem
shell> tpm cert gen P12_FILE

In addition to the standard {typeSpec} (Execute tpm cert help typespec for a full list) the following {typeSpec}s are also available:

Note

CERT_PASS is optional for Tungsten because usually database client certs do not have a password See Section 6.10.2, “Configure Tungsten<>Database Secure Communication”

Note

Further detail on mysqlcerts typeSpec:

mysqlcerts runs sudo mysql_ssl_rsa_setup, please see https://dev.mysql.com/doc/refman/5.7/en/mysql-ssl-rsa-setup.html

From the above docs: "If openssl is present, mysql_ssl_rsa_setup looks for default SSL and RSA files [ca.pem,server-cert.pem, server-key.pem] in the MySQL data directory specified by the --datadir option, or the compiled-in data directory if the --datadir option is not given. If any of those files are present, mysql_ssl_rsa_setup creates no SSL files. Otherwise, it invokes openssl to create them, plus some additional files:

  • ca.pem : Self-signed CA certificate

  • ca-key.pem : CA private key

  • server-cert.pem : Server certificate

  • server-key.pem : Server private key

  • client-cert.pem : Client certificate

  • client-key.pem : Client private key

Prev Up Next
9.5.2.16. Using tpm cert list  ^Level 9.5.2.18. Using tpm cert remove
Copyright © 2016-2023 Continuent, Ltd.(800) 270-9035Terms of UsePrivacy & CookiesLegal NoticeExhibits