Using non-LCM generated certificates

About this task

Some organizations might want to generate certificates for DataStax Enterprise (DSE) servers using a commercial or enterprise certificate authority external to Lifecycle Manager (LCM). Complete the following steps to generate certificates not generated by LCM.


  1. Prior to running an installation or configuration job, prepare keystores and truststores for each node outside of LCM.

  2. Deploy the appropriate keystore and truststore to each DSE server using scp, rsync, or other method of file deployment. The keystore files are commonly deployed to the /etc/dse/keystores/ directory.

  3. Edit the configuration profile in LCM so that the keystore and truststore paths point to the location where the files were deployed as mentioned previously. For example: /etc/dse/keystores/server.keystore and /etc/dse/keystores/server.truststore.

  4. Edit the configuration profile in LCM so that the keystore and truststore passwords allow DSE to unlock the files that were manually deployed.

  5. Run an install or configure job.

    When executing the job, LCM configures each DSE server to use the provided, pre-deployed keystore and truststore. LCM does not attempt to prepare certificates using the internal certificate authority when it finds a pre-existing keystore and truststore present on a DSE server.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000,