diff options
| author | mzinal <mzinal@yandex-team.com> | 2022-10-19 10:49:21 +0300 |
|---|---|---|
| committer | mzinal <mzinal@yandex-team.com> | 2022-10-19 10:49:21 +0300 |
| commit | 3c5ef6b14a1e7a22fdd62b0cb3de643221a00d3b (patch) | |
| tree | f97b570e1777699edf2df279e8a0cdb720bc44cb | |
| parent | f5a084eaa391f826a8211c80439a5085c54d3e71 (diff) | |
| download | ydb-3c5ef6b14a1e7a22fdd62b0cb3de643221a00d3b.tar.gz | |
fixed paths and commands for YDB TLS certificate generation
| -rw-r--r-- | ydb/docs/en/core/deploy/manual/deploy-ydb-on-premises.md | 15 | ||||
| -rw-r--r-- | ydb/docs/ru/core/deploy/manual/deploy-ydb-on-premises.md | 15 |
2 files changed, 22 insertions, 8 deletions
diff --git a/ydb/docs/en/core/deploy/manual/deploy-ydb-on-premises.md b/ydb/docs/en/core/deploy/manual/deploy-ydb-on-premises.md index 10712eb28d3..2e46487cd1c 100644 --- a/ydb/docs/en/core/deploy/manual/deploy-ydb-on-premises.md +++ b/ydb/docs/en/core/deploy/manual/deploy-ydb-on-premises.md @@ -177,17 +177,24 @@ We don't recommend storing data on disks used by other processes (including the 1. Create a private Certificate Authority (CA) certificate: ```bash - openssl req -new -x509 -config ca.cnf -key secure/ca.key -out ca.crt -days 365 -batch + openssl req -new -x509 -config ca.cnf -key secure/ca.key -out certs/ca.crt -days 1830 -batch ``` + 1. Create the initial text database and certificate serial number files for OpenSSL: + + ```bash + touch index.txt + echo 01 >serial.txt + ``` + 1. Create keys and certificates for the cluster nodes: - 1. Create a `node.conf` configuration file with the following contents: + 1. Create a `node.cnf` configuration file with the following contents: ```text # OpenSSL node configuration file [ req ] - prompt=no + prompt = no distinguished_name = distinguished_name req_extensions = extensions @@ -201,7 +208,7 @@ We don't recommend storing data on disks used by other processes (including the 1. Create a certificate key: ```bash - openssl genrsa -out node.key 2048 + openssl genrsa -out certs/node.key 2048 ``` 1. Create a Certificate Signing Request (CSR): diff --git a/ydb/docs/ru/core/deploy/manual/deploy-ydb-on-premises.md b/ydb/docs/ru/core/deploy/manual/deploy-ydb-on-premises.md index 4d74cdf074a..679a6970e36 100644 --- a/ydb/docs/ru/core/deploy/manual/deploy-ydb-on-premises.md +++ b/ydb/docs/ru/core/deploy/manual/deploy-ydb-on-premises.md @@ -177,17 +177,24 @@ sudo usermod -aG disk ydb 1. Создайте частный Certificate Authority (CA) сертификат: ```bash - openssl req -new -x509 -config ca.cnf -key secure/ca.key -out ca.crt -days 365 -batch + openssl req -new -x509 -config ca.cnf -key secure/ca.key -out certs/ca.crt -days 1830 -batch + ``` + + 1. Создайте текстовую базу данных и файл индекса сертификатов OpenSSL: + + ```bash + touch index.txt + echo 01 >serial.txt ``` 1. Создайте ключи и сертификаты для нод кластера: - 1. Создайте конфигурационный файл `node.conf` со следующим содержимым: + 1. Создайте конфигурационный файл `node.cnf` со следующим содержимым: ```text # OpenSSL node configuration file [ req ] - prompt=no + prompt = no distinguished_name = distinguished_name req_extensions = extensions @@ -201,7 +208,7 @@ sudo usermod -aG disk ydb 1. Создайте ключ сертификата: ```bash - openssl genrsa -out node.key 2048 + openssl genrsa -out certs/node.key 2048 ``` 1. Создайте Certificate Signing Request (CSR): |