Certificate utilities

Several utilities are bundled with Plixer Scrutinizer to help manage the TLS certificates used by the system.

Note

These scripts rely on Plixer Scrutinizer’s default ssh connectivity.

generate_requests.sh

This script generates certificate requests from all TLS keys in a distributed Plixer Scrutinizer cluster. It should be run on the cluster’s primary reporter as the plixer user. Certificate details can be set via the script’s variables.

~/scrutinizer/files/generate_requests.sh

All certificate requests are placed in /tmp/request. /tmp/request/apache_server.csr is the certificate request for the primary reporter’s web server, and requests from the rest of the cluster are organized in subdirectories.

install_certs.sh

This script installs signed TLS certificates across a distributed Plixer Scrutinizer cluster. It should be run on the cluster’s primary reporter as the plixer user.

~/scrutinizer/files/install_certs.sh

.cer files are expected at /tmp/signed and should follow the filename conventions used by generate_requests.sh. /tmp/signed/ca.cer should be the Certificate Authority’s root certificate.

scrut_util –rotatecerts –reset

This scrut_util command automatically resets and restores database certificates. It can be used if either of the former scripts causes unexpected issues or when DB connection issues are observed.

scrut_util --rotatecerts --reset

This will regenerate all TLS keys and certificates in a distribtued cluster and should restore normal operations, at the expense of any existing signed certificates.

For further information or assistance, contact Plixer Technical Support.