By default, tpm can automatically create suitable certificates and configuration for use in your deployment. To create the required certificates by hand, use one of the following procedures.
Available as of Version 7.1.0, the tpm cert command will perform the generation steps for you.
Generating a TLS Certificate
Run this command to create the TLS keystore
tungsten_tls_keystore.jks
in
$CONTINUENT_ROOT/generated
. You may use your
own location, please see
Section 9.5.2.8, “tpm cert: Getting Started - Advanced Example” for
the steps required to do so.
## Perform a dry run generation of the file shell>tpm cert gen tls_keystore --dryrun
## Perform a dry run generation of the file, using the shorter syntax, same as above shell>tpm cert gen tls -n
## Generate the file, displaying the command executed with -x shell>tpm cert gen tls -x
To manually generate the security files, use the steps below:
Generating a TLS Certificate
Run this command to create the keystore in
/etc/tungsten/secure
. You may use your own
location, but the values for
-storepass
and
-keypass
must match.
shell> keytool -genkey -alias tls \
-validity 3650 \
-keyalg RSA -keystore /etc/tungsten/secure/tungsten_tls_keystore.jks \
-dname "cn=Continuent, ou=IT, o=Continuent, c=US" \
-storepass mykeystorepass -keypass mykeystorepass