Skip to content

Commit

Permalink
Issue #252
Browse files Browse the repository at this point in the history
  • Loading branch information
kirjaamo committed Mar 11, 2021
1 parent 6a2e70b commit cb0fd39
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion galeracluster/source/documentation/ssl-cert.rst
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,9 @@ The node uses the client certificate to secure client-side activity. In the eve
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 \
-out client-cert.pem
This creates a key and certificate file for the database client. They are in the current working directory as ``client-key.pem`` and ``client-cert.pem``. Each node requires both to secure client activity and state snapshot transfers.
This creates a key and certificate file for the database client. They are in the current working directory as ``client-key.pem`` and ``client-cert.pem``.

.. note:: Each node requires both to secure client activity and state snapshot transfers.


.. _`verify-cert`:
Expand All @@ -172,6 +174,8 @@ When you finish creating the key and certificate files, use ``openssl`` to verif
In the event that this verification fails, repeat the above process to generate replacement certificates.

The Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.

Once the certificates pass verification, you can send them out to each node. Use a secure method, such as ``scp`` or ``sftp``. The node requires the following files:

- Certificate Authority: ``ca-cert.pem``.
Expand Down

0 comments on commit cb0fd39

Please sign in to comment.