Certificate utilities

Several utilities are bundled with Plixer Scrutinizer to help manage the TLS certificates used by the system.

Note

These scripts rely on Plixer Scrutinizer’s default ssh connectivity.

generate_requests.sh

This script generates certificate requests from all TLS keys in a distributed Plixer Scrutinizer cluster. It should be run on the cluster’s primary Reporter as the plixer user. Certificate details can be set via the script’s variables.

All certificate requests are placed in /tmp/request. /tmp/request/apache_server.csr is the certificate request for the primary Reporter’s web server, and requests from the rest of the cluster are organized in subdirectories.

install_certs.sh

This script installs signed TLS certificates across a distributed Plixer Scrutinizer cluster. It should be run on the cluster’s primary Reporter as the plixer user.

.cer files are expected at /tmp/signed and should follow the filename conventions used by generate_requests.sh. /tmp/signed/ca.cer should be the Certificate Authority’s root certificate.
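
The following pre-flight check is an added example, not part of Plixer Scrutinizer or its documentation. It assumes each signed certificate sits at the same relative path as its request with .csr replaced by .cer, that all files are PEM encoded, and that ca.cer alone completes the chain. The name check_signed is hypothetical.

```sh
#!/bin/sh
# Pre-flight check for install_certs.sh (added example, not Plixer code).
# Assumed: signed/<path>.cer answers request/<path>.csr, files are PEM,
# and ca.cer alone completes the chain (no separate intermediates).

# check_signed REQUEST_DIR SIGNED_DIR
# Prints one status line per item; returns 0 only if every request has a
# certificate with the same public key that verifies against ca.cer.
check_signed() {
    req_dir=$1
    signed_dir=$2
    ca=$signed_dir/ca.cer
    rc=0
    if [ ! -s "$ca" ]; then
        echo "MISSING  $ca"
        return 1
    fi
    list=$(mktemp) || return 1
    find "$req_dir" -type f -name '*.csr' > "$list"
    while IFS= read -r csr; do
        rel=${csr#"$req_dir"/}
        cer=$signed_dir/${rel%.csr}.cer
        if [ ! -s "$cer" ]; then
            echo "MISSING  $cer"; rc=1; continue
        fi
        # The certificate must carry the public key the request was made
        # from, or it will not pair with the private key left on that node.
        want=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || want=""
        have=$(openssl x509 -in "$cer" -noout -pubkey 2>/dev/null) || have=""
        if [ -z "$want" ] || [ "$want" != "$have" ]; then
            echo "KEYDIFF  $cer"; rc=1; continue
        fi
        # The certificate must chain to the root that will be installed.
        if ! openssl verify -CAfile "$ca" "$cer" >/dev/null 2>&1; then
            echo "NOCHAIN  $cer"; rc=1; continue
        fi
        echo "OK       $cer"
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# On the primary Reporter: check_signed /tmp/request /tmp/signed
```

A non-zero return means at least one certificate is missing, was issued for a different key, or does not verify against ca.cer.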

Note

These utilities rely on Plixer Scrutinizer’s default ssh connectivity.

scrut_util --rotatecerts --reset

This scrut_util command automatically resets and restores database certificates. It can be used if either of the former scripts causes unexpected issues or when DB connection issues are observed.

scrut_util --rotatecerts --reset will regenerate all TLS keys and certificates in a distributed Plixer Scrutinizer cluster and should restore normal operations at the expense of any existing signed certificates.