Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space ML1 and version 9.2

To configure ClustrixDB to use encrypted connections:

Create keys and certificates (using your choice of method) and copy them as the root user to every node:

shell> scp server-cert.pem root@hostname:/data/clustrix
shell> scp server-key.pem root@hostname:/data/clustrix        

On each node, transfer ownership of those files to the clxd user:

shell> sudo chown clxd server-*.pem       

Certificates and keys must be in the same location on every node.

Configure ClustrixDB to use these certificates, keys, and SSL:

sql> SET GLOBAL ssl_cert = '/data/clustrix/server-cert.pem'; 
sql> SET GLOBAL ssl_key = '/data/clustrix/server-key.pem'; sql> ALTER CLUSTER RELOAD SSL;
sql> SET GLOBAL ssl_enabled = TRUE;
Note

ALTER CLUSTER RELOAD SSL validates the location of the certificates and keys. If this command fails, the clustrix.log may include more detail.