Continuent Documentation

Manual Home
Tungsten Replicator 7.1 Manual
Page in Other Manuals
Tungsten Clustering (for MySQL) 7.1 Manual
Breadcrumbs
> Tungsten Replicator 7.1 Manual

       > 6. Deployment: Security
Chapters
Preface
1. Introduction
2. Deployment Overview
3. Deploying MySQL Extractors
4. Deploying Appliers
5. Deployment: Advanced
6. Deployment: Security
7. Operations Guide
8. Command-line Tools
9. The tpm Deployment Command
10. Tungsten REST API (APIv2)
11. Replication Filters
12. Performance and Tuning
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
6. Deployment: Security
Parent Sections
6.1. Enabling Security
6.2. Disabling Security
6.3. Creating Suitable Certificates
6.4. Installing from a Staging Host with Custom Certificates
6.5. Installing via INI File with Custom Certificates
6.6. Installing via INI File with CA-Signed Certificates
6.7. Replacing the JGroups Certificate from a Staging Directory
6.8. Replacing the TLS Certificate from a Staging Directory
6.9. Removing TLS Encryption from a Staging Directory
6.10. Enabling Tungsten<>Database Security
6.5. Installing via INI File with Custom Certificates
Prev  ^UpChapter 6. Deployment: Security Next

6.5. Installing via INI File with Custom Certificates

6.5.1. Installing via INI File with Manually-Generated Certificates
6.5.2. Installing via INI File with Certificates Generated by tpm cert

Follow the steps in Section 6.3, “Creating Suitable Certificates” to create the TLS certificate.

6.5.1. Installing via INI File with Manually-Generated Certificates

  1. Transfer the generated certificates to the same path on all hosts.

  2. Update your configuration to specify the certificate and the keystore password: 

    java-tls-keystore-path=/etc/tungsten/secure/tungsten_tls_keystore.jks
java-keystore-password=mykeystorepass

6.5.2. Installing via INI File with Certificates Generated by tpm cert

  1. Transfer the generated certificates to the same path on all hosts using your preferred method.

    Available as of Version 7.1.0, the tpm copy command can copy the generated files to all hosts for you if you have password-less SSH configured to all nodes. 

    ## Perform a dry-run pass (-n) to test SSH
## and display the commands that would have been run
## to copy the generated files
shell> tpm copy --gen -n

## Copy the generated files
## and display the command executed (-x)
shell> tpm copy --gen -x

  2. Update your configuration to specify the certificate and the keystore password:

    If you used the tpm cert command (available as of v7.1.0) to generate files for you, they will be located in the $CONTINUENT_ROOT/generated directory by default. 

    java-tls-keystore-path=/opt/continuent/generated/tungsten_tls_keystore.jks
java-keystore-password=mykeystorepass
Prev Up Next
6.4. Installing from a Staging Host with Custom Certificates  ^Level 6.6. Installing via INI File with CA-Signed Certificates
Copyright © 2016-2023 Continuent, Ltd.(800) 270-9035Terms of UsePrivacy & CookiesLegal NoticeExhibits