Regenerate the Certificates (certificateRegen)
The certificateRegen
command regenerates the root Certificate Authority for the grid and the client and server certificates.
You can use the certificateRegen
command to determine if new databases require encryption for client/server connections and the cipher suites those databases may use for TLS.
ttGridAdmin certificateRegen [-serverEncryption requirement]
[-serverCipherSuites suites]
Options
The certificateRegen
command has the options:
Options | Description |
---|---|
|
Determines if new databases require encryption for client/server connections. Specify one of these settings:
|
|
Lists the cipher suite or suites that new databases can use for TLS, depending also on the client setting. Specify one or both (separated by comma and in order of preference) of these suites:
There is no default setting. For TLS to be used, the server and client settings must include at least one common suite. |
Examples
This example regenerates the certificates of the grid and sets new databases to require encryption for client/server connections.
% ttGridAdmin certificateRegen -serverEncryption required -serverCipherSuites SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Certificates generated
Note:
The serverEncryption
and serverCipherSuites
options update the default values for the Encryption
and CipherSuites
connection attributes, respectively, for new database definitions and connectables. These options do not affect the current settings for existing database definitions or connectables.