Understanding the Key Store and Trust Store Files
Provides a comprehensive listing of the key store and trust store files.
Key Stores and Trust Stores Added for Release 7.0.0
Release 7.0.0 added the following key store and trust store files to support FIPS compliance. For Java applications, the Bouncy Castle BCFKS key and trust stores are used. This is new for release 7.0.0. For non-Java applications, the existing PKCS#12 key and trust stores, as well as PEM files are used.
/opt/mapr/conf
directory of the first CLDB node to the
/opt/mapr/conf
directory on all other server nodes. For client-only
nodes, only copy the trust stores and the associated trust store credentials.- maprkeycreds.bcfks
- Location:
/opt/mapr/conf
- maprkeycreds.jceks
- Location:
/opt/mapr/conf
- maprtrustcreds.bcfks
- Location:
/opt/mapr/conf
- maprtrustcreds.jceks
- Location:
/opt/mapr/conf
- ssl_keystore.bcfks
- Location:
/opt/mapr/conf
- ssl_truststore.bcfks
- Location:
/opt/mapr/conf
- ssl_userkeystore.bcfks
- Location:
/opt/mapr/conf
- ssl_usertruststore.bcfks
- Location:
/opt/mapr/conf
Key Stores and Trust Stores Added for Release 6.2.0
The following key store and trust store files were added at release 6.2.0 to support SSL
security for the log stack (Kibana, Elasticsearch, and Fluentd). As part of Enabling Security on a Configured Cluster, you must copy these files from the
/opt/mapr/conf
directory of the security master node to the
/opt/mapr/conf
directory on all other nodes, and assign the appropriate ownership and permissions.
- ssl_userkeystore
- Location:
/opt/mapr/conf
- ssl_userkeystore.csr
- Location:
/opt/mapr/conf
- ssl_userkeystore.p12
- Location:
/opt/mapr/conf
- ssl_userkeystore.pem
- Location:
/opt/mapr/conf
- ssl_userkeystore-signed.pem
- Location:
/opt/mapr/conf
- ssl_usertruststore
- Location:
/opt/mapr/conf
- ssl_usertruststore.p12
- Location:
/opt/mapr/conf
- ssl_usertruststore.pem
- Location:
/opt/mapr/conf
Certificate Files in 6.2.0
The following files were added at release 6.2.0 to facilitate self-signing of data-fabric
certificates. Previously, data-fabric certificates were unsigned. As part of Enabling Security on a Configured Cluster, you must copy these files from the
/opt/mapr/conf
directory of the security master node to the
/opt/mapr/conf
directory on all other nodes, and assign the appropriate
ownership and permissions:
- root-ca.pem
- Location:
/opt/mapr/conf/ca
- chain-ca.pem
- Location:
/opt/mapr/conf/ca
- signing-ca.pem
- Location:
/opt/mapr/conf/ca
KMIP Tokens Added in 6.2.0
External key store (KMIP) tokens were also added as part of release
6.2.0. The KMIP tokens are used for authentication and communication with an external key
store. The tokens are contained in /opt/mapr/conf/tokens
. Tokens must be
copied to all the CLDB nodes in the cluster.
Key Stores and Trust Stores in Release 6.1.0
The following files are generated by running configure.sh -dare -genkeys
on a CLDB node. Alternatively, you can generate them by running the manageSSLKeys.sh script. The ssl_keystore
,
ssl_keystore.p12
, ssl_keystore.pem
,
ssl_truststore
, ssl_truststore.p12
, and
ssl_truststore.pem
files are also generated during installation of the
Web server, even if you did not enable security. For more information, see Enabling Security on a Configured Cluster.
- cldb.key
- Location:
/opt/mapr/conf
- dare.master.key
- Location:
/opt/mapr/conf
- maprserverticket
- Location:
/opt/mapr/conf
- ssl-client.xml
- Location (symlink):
/opt/mapr/conf
- ssl_keystore
- Location:
/opt/mapr/conf
- ssl_keystore.p12
- Location:
/opt/mapr/conf
- ssl_keystore.pem
- Location:
/opt/mapr/conf
- ssl-server.xml
- Location (symlink):
/opt/mapr/conf
- ssl_truststore
- Location:
/opt/mapr/conf
- ssl_truststore.p12
- Location:
/opt/mapr/conf
- ssl_truststore.pem
- Location:
/opt/mapr/conf