Using non-LCM generated certificates

Generate certificates for DSE servers using a commercial or enterprise certificate authority external to LCM.

Some organizations might want to generate certificates for DataStax Enterprise (DSE) servers using a commercial or enterprise certificate authority external to Lifecycle Manager (LCM). Complete the following steps to generate certificates not generated by LCM.

Procedure

  1. Prior to running an install or configure job, prepare keystores and truststores for each node outside of LCM.
  2. Deploy the appropriate keystore and truststore to each DSE server using scp, rsync, or other method of file deployment. The keystore files are commonly deployed to the /etc/dse/keystores/ directory.
  3. Edit the configuration profile in LCM so that the keystore and truststore paths point to the location where the files were deployed as mentioned previously. For example: /etc/dse/keystores/server.keystore and /etc/dse/keystores/server.truststore.
  4. Edit the configuration profile in LCM so that the keystore and truststore passwords allow DSE to unlock the files that were manually deployed.
  5. Run an install or configure job.

    When executing the job, LCM configures each DSE server to use the provided, pre-deployed keystore and truststore. LCM does not attempt to prepare certificates using the internal certificate authority when it finds a pre-existing keystore and truststore present on a DSE server.