The Aerospike Knowledge Base has moved to https://support.aerospike.com. Content on https://discuss.aerospike.com is being migrated to either https://support.aerospike.com or https://docs.aerospike.com. Maintenance on articles stored in this repository ceased on December 31st 2022 and this article may be stale. If you have any questions, please do not hesitate to raise a case via https://support.aerospike.com.
TLS Information, FAQs, How-Tos, and General Information
Aerospike Basics
| Resource | Summary |
|---|---|
| How To Configure and Test TLS on Aerospike | How to configure the tls{} stanza(s) (service, fabric, heartbeat, and XDR stanzas) to specify which certificates will be used. Explains how to add the TLS configuration to the relevant protocol stanzas, to configure the parties that would connect to the cluster using TLS, and to disable the non-TLS ports. |
| Step-by-step for service TLS | Details the changes required to be made on the Aerospike nodes so that clients can communicate with the cluster via TLS enabled ports. Covers Standard and Mutual authentication modes of TLS with cluster name match. |
More Specifics
| Resource | Summary |
|---|---|
| How to use multiple TLS client certificates | Detailed step-by-step guide for using multiple TLS client certificates. Covers the XDR scenario as well. |
| How to use Mutual Authentication TLS (mTLS) in Java | Describes how to set up a Java application to connect to an Aerospike cluster configured to use mutual authentication TLS. Link to example GitHub project included. |
| How to rotate signed certificates | How to update a signed certificate on the server or client. Valid for either standard or mutual authentication. Assumes that the CA ROOT certificate is not expiring. |
| How to replace CA certs | Focuses on the CA certificate expiration and the options available to replace expiring Certificate Authority (CA) certificates. Covers configurations using either ca-file or ca-path. |
| How to deploy TLS certs in ramfs/tmpfs | Discusses deploying certificates from the manager to Aerospike without storing them on the node hard drives, using the Linux ramfs/tmpfs functionality. |
| How to select TLS cipher suites in Java | How to explicitly specify the set of cipher suites that are allowed to be used during the TLS handshake. This ensures that the cipher suites used give the best performance while satisfying the organizational security requirements. Assumes that some hypothetical security requirements are based on the NIST Guidelines in SP 800-52. |
Non-Aerospike Specific
FAQs
Keywords
TLS TOC FAQ SSL SECURITY CONFIGURATION
Timestamp
June 2020