6.3. Creating Suitable Certificates

By default, tpm can automatically create suitable certificates and configuration for use in your deployment. To create the required certificates by hand, use one of the following procedures.

6.3.1. Creating Tungsten Internal Certificates Using tpm cert

Available as of Version 7.1.0, the tpm cert command will perform the generation steps for you.

  • Generating a TLS Certificate

    Run this command to create the TLS keystore tungsten_tls_keystore.jks in $CONTINUENT_ROOT/generated. You may use your own location, please see Section 9.5.2.8, “tpm cert: Getting Started - Advanced Example” for the steps required to do so.

    ## Perform a dry run generation of the file
    shell> tpm cert gen tls_keystore --dryrun
    
    ## Perform a dry run generation of the file, using the shorter syntax, same as above
    shell> tpm cert gen tls -n
    
    ## Generate the file, displaying the command executed with -x
    shell> tpm cert gen tls -x

6.3.2. Creating Tungsten Internal Certificates Manually

To manually generate the security files, use the steps below:

  • Generating a TLS Certificate

    Run this command to create the keystore in /etc/tungsten/secure. You may use your own location, but the values for -storepass and -keypass must match.

    shell> keytool -genkey -alias tls \
    -validity 3650 \
    -keyalg RSA -keystore /etc/tungsten/secure/tungsten_tls_keystore.jks \
    -dname "cn=Continuent, ou=IT, o=Continuent, c=US" \
    -storepass mykeystorepass -keypass mykeystorepass