To configure ClustrixDB to use encrypted connections:

Create keys and certificates (using your choice of method) and copy them as the root user to every node:

shell> scp server-cert.pem [email protected]:/data/clustrix
shell> scp server-key.pem [email protected]:/data/clustrix        

On each node, transfer ownership of those files to the clxd user:

shell> sudo chown clxd server-*.pem       

Certificates and keys must be in the same location on every node.

Configure ClustrixDB to use these certificates, keys, and SSL:

sql> SET GLOBAL ssl_cert = '/data/clustrix/server-cert.pem'; 
sql> SET GLOBAL ssl_key = '/data/clustrix/server-key.pem'; sql> ALTER CLUSTER RELOAD SSL;
sql> SET GLOBAL ssl_enabled = TRUE;

ALTER CLUSTER RELOAD SSL validates the location of the certificates and keys. If this command fails, the clustrix.log may include more detail.