Certificate Operations
Use ttGridAdmin
commands in this topic to regenerate or list the certificates for Transport Layer Security (TLS) in TimesTen Scaleout.
See Using TLS for Client/Server in TimesTen Scaleout in Oracle TimesTen In-Memory Database Scaleout User's Guide for additional information about certificates for TLS in TimesTen Scaleout.
Regenerate the Certificates (certificateRegen)
The certificateRegen
command regenerates the root Certificate Authority for the grid and the client and server certificates.
You can use the certificateRegen
command to determine if new databases require encryption for client/server connections and the cipher suites those databases may use for TLS.
ttGridAdmin certificateRegen [-serverEncryption requirement]
[-serverCipherSuites suites]
Options
The certificateRegen
command has the options:
Options | Description |
---|---|
|
Determines if new databases require encryption for client/server connections. Specify one of these settings:
|
|
Lists the cipher suite or suites that new databases can use for TLS, depending also on the client setting. Specify one or both (separated by comma and in order of preference) of these suites:
There is no default setting. For TLS to be used, the server and client settings must include at least one common suite. |
Examples
This example regenerates the certificates of the grid and sets new databases to require encryption for client/server connections.
% ttGridAdmin certificateRegen -serverEncryption required -serverCipherSuites SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Certificates generated
Note:
The serverEncryption
and serverCipherSuites
options update the default values for the Encryption
and CipherSuites
connection attributes, respectively, for new database definitions and connectables. These options do not affect the current settings for existing database definitions or connectables.
List the Certificates (certificateList)
The certificateList
command lists the Oracle Wallets containing the root Certificate Authority (CA) and the client and server certificates with their expiration dates.
ttGridAdmin certificateList
Examples
This example lists the certificates used by the grid for encrypted client/server connections.
% ttGridAdmin certificateList NAME HOLDER EXPIRATION clientWallet CN=client1,C=US Thu Jul 31 12:59:45 PDT 2031 rootWallet CN=ecRoot,C=US Thu Jul 31 12:59:09 PDT 2031 serverWallet CN=server1,C=US Thu Jul 31 12:59:28 PDT 2031