manageSSLKeys.sh
Use the manageSSLKeys.sh utility to create and manage SSL certificates.
Syntax
# /opt/mapr/server/manageSSLKeys.sh
manageSSLKeys.sh is a tool to create and manage the SSL certificates. It is run once on the first node from configure.sh
Usage: manageSSLKeys and one of
  create [-d DNSDOMAIN] [-N clustername] [-p password] -ug <maprUserGroup>
      creates the SSL key and trust stores needed for HTTPS traffic
      -d specifies DNS domain used in wildcard certificate. Default
         is detected from Local OS
      -N clustername
      -p password or file containing password
      -ug MapR user/group, e.g., mapr:mapr
  merge <in trust store> <out trust store> [inPasswordFile (needed to override default password)]
      merges the certificates from the in trust store into the existing out trust store
  copytruststore <outputFile> [password (needed to override default password)]
  copywithconfiguredpassword <srcStore> <destStore> <srcPassword>
  createrandompassword [oldPassword (needed to override default password)]
  createusercerts [-p password] [-N <clustername> ] [-d DNSDOMAIN ] -ug <maprUserGroup>
      -N <clustername>
      -d specifies DNS domain used in wildcard certificate. Default
         is detected from Local OS
      -p password or file containing password
      -ug MapR user/group, e.g., mapr:mapr
  convert [-N <clustername> ] [-k] [-n] [-p <passwd>] [-srcType JKS|pkcs12] [-dstType JKS|pkcs12] <in key/trust store> <out key/trust store>
      converts an existing key/trust store into a new PEM type key/trust store
      if srcType and dstType are not specified, it is assumed that you are
      converting from JKS to PEM(via pkcs12)
      -N <clustername>
      -a denotes the certificate alias you want to convert
      -k denotes you are converting a keystore
      -p <passwd> store password - needed if you are converting custom stores
      -srcType JKS|pkcs12 denotes the source format of the store
      -dstType JKS|pkcs12 denotes the destination format of the store
Operations
manageSSLKeys.sh performs the following operations:
- convert
  - Description: Converts an existing key/trust store into a new PEM type key/trust store. If you do not specify the type of the source and the destination key/trust store, it is assumed that you are converting from JKS to PEM (via pkcs12).
- copytruststore
  - Description: Makes a copy of the existing trust store on the node on which this command is run.
- copywithconfiguredpassword
  - Description: Copies the source trust store to the destination trust store and secures the destination with the existing destination trust store password.
- create
  - Description: Creates the SSL key and trust stores needed for HTTPS traffic.
- createusercerts
  - Description: Creates SSL user certificates.
- merge
  - Description: Merges the SSL certificates from the in trust store into the existing out trust store.
Examples
The following links demonstrate using the manageSSLKeys.sh utility.
- Copy trust store: Enabling Security
- Regenerate trust store password: Enabling Security
- Merge trust store: Configuring Secure Clusters for Running Commands Remotely
- Generate trust store and key store files: Step 1: Restart and Check Cluster Services and Configuring Encryption for ODBC Connection
- Convert type of keystore file: Upgrading the Data Access Gateway
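The -p option of create and createusercerts accepts either a password or a file containing the password; a literal password on the command line is visible in the process list and in shell history, so the file form is the safer one. The following is an added example, not part of the original documentation or the product's own scripts: the function names, the password file location, the cluster name and the DNS domain are assumptions, as is the choice to write the file without a trailing newline.

```shell
#!/bin/sh
# Added example: pass manageSSLKeys.sh a password FILE via -p so that the
# password itself never appears in the process argument list.
# Function names, file locations, cluster name and domain are assumptions.

TOOL=/opt/mapr/server/manageSSLKeys.sh   # path from the Syntax section

# Write a random 128-bit password (32 hex characters, no trailing newline)
# to a new file readable only by its owner, and print the file's path.
make_password_file() {
    dir=$1
    old_umask=$(umask)
    umask 077                            # anything created here is owner-only
    pwfile=$(mktemp "$dir/sslpw.XXXXXX") || { umask "$old_umask"; return 1; }
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$pwfile"
    umask "$old_umask"
    printf '%s\n' "$pwfile"
}

# Print the create command line for review or logging; only the path of the
# password file appears in it, never the password.
build_create_cmd() {
    pwfile=$1 cluster=$2 domain=$3 usergroup=$4
    printf '%s create -d %s -N %s -p %s -ug %s\n' \
        "$TOOL" "$domain" "$cluster" "$pwfile" "$usergroup"
}

# Create the key and trust stores using a freshly generated password file.
# The file is left in place; keep or remove it according to your own
# key-management procedure.
create_stores() {
    cluster=$1 domain=$2 usergroup=$3
    pwfile=$(make_password_file "${TMPDIR:-/tmp}") || return 1
    "$TOOL" create -d "$domain" -N "$cluster" -p "$pwfile" -ug "$usergroup"
}

# Run only on a node where the utility is installed, for example:
#   create_stores my.cluster.com example.com mapr:mapr
```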