You may want to provide your own certificates, or have installed with `disable-security-controls=true`, and now wish to enable security. If so, tpm cert is for you.
In the following advanced example, we will rotate the database certs using a source .pfx file.
Populate the tungsten.env
file
Generate the security files defined in
tungsten.env
Add new options to the tungsten.ini
to match
Update the software using the new security settings
Displays example tungsten.env
contents
tpm cert example env
Create a new $CONTINUENT_ROOT/share/tungsten.env
file, which defaults to example id 1:
tpm cert gen env 2
Run vi $CONTINUENT_ROOT/share/tungsten.env
tpm cert vi env export BASE_DIR=/etc/tungsten/secure export BATCH="pfx2p12,JK,TS,CJ,CT"
Display variables set in
$CONTINUENT_ROOT/share/tungsten.env
tpm cert ask env
Displays example tungsten.ini
contents
tpm cert example ini
Run vi /etc/tungsten/tungsten.ini
tpm cert vi ini java-keystore-path=/etc/tungsten/secure/tungsten_keystore.jks java-truststore-path=/etc/tungsten/secure/tungsten_truststore.ts java-connector-keystore-path=/etc/tungsten/secure/tungsten_connector_keystore.jks java-connector-truststore-path=/etc/tungsten/secure/tungsten_connector_truststore.ts
Generate all cert files in the BATCH envvar defined in the
tungsten.env
file:
tpm cert gen batch --livetls -x
Display info as json all cert files in the BATCH envvar defined in the
tungsten.env
file:
tpm cert info P12,JK,TS,CJ,CT
Display the extracted package staging directory that the software was installed from:
tpm query staging
Update the software to use the new cert files in {certsdir}:
cd {staging_dir} tools/tpm update --replace-release