What is the difference between the 'gen_certs_dir' and 'certs_dir' parameters in yugabyted.conf?

In yugabyted.conf I observed there are two parameters, ‘gen_certs_dir’ and ‘certs_dir’, and wanted to know the key difference between them.

Is ‘gen_certs_dir’ likely used during the initial setup to store SSL/TLS certificates generated by Yugabyte, with these stored in a temporary directory before moving to the final destination?

and

Is ‘certs_dir’ where, once SSL/TLS certificates are generated, they are placed in a defined path to be used by yugabytedb for operation?

Can anyone please clarify? Thanks!

Yes @parvez, that is correct.

gen_certs_dir: Directory to store generated certificates. Root certs and node-server certs for the nodes are stored here.

certs_dir: Directory where the node server certs are to be placed and used by yugabyted to start yugabytedb processes.

  • Each node-server has its own set of certs, which are generated and stored in gen_certs_dir.
  • Then these certs (for each node) are to be copied to a path which will be certs_dir.

Hi @Sanskar_Garg, Thank you for providing that information.

Can you please confirm that ‘gen_certs_dir’ and ‘certs_dir’ will have the same content (potential redundancy)? Or, once certs are generated and stored in ‘gen_certs_dir’ (acts as a temp directory), are these cut/pasted to ‘certs_dir’ (‘gen_certs_dir’ is now an empty directory)?

Yes @parvez, the directories will have the same contents if the cert generation is handled by yugabyted.
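
One way to check the copy step discussed in this thread, as an added example that is not part of the thread and not YugabyteDB's own tooling: the function compares a node's generated certificate directory with its certs_dir and flags private keys readable by group or others. The per-node subdirectory layout and the file names in the demo are constructed assumptions; pass your own paths.

```shell
#!/bin/sh
# Added example: verify that certs_dir is a faithful copy of the files
# generated for one node, and that private keys are owner-only.

verify_certs_dir() {
    gen_node_dir=$1   # this node's directory under gen_certs_dir (assumed layout)
    certs_dir=$2      # the certs_dir value configured for this node
    rc=0

    # Every generated file must exist in certs_dir with identical bytes.
    for src in "$gen_node_dir"/*; do
        [ -f "$src" ] || continue
        name=${src##*/}
        dst=$certs_dir/$name
        if [ ! -f "$dst" ]; then
            echo "MISSING  $name" >&2; rc=1
        elif ! cmp -s "$src" "$dst"; then
            echo "DIFFERS  $name" >&2; rc=1
        fi
    done

    # Private keys must carry no group/other permission bits.
    for key in "$certs_dir"/*.key; do
        [ -f "$key" ] || continue
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE    ${key##*/} ($perms)" >&2; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a throwaway tree standing in for the real directories.
demo=$(mktemp -d)
mkdir -p "$demo/gen/node1" "$demo/certs"
for f in ca.crt node.crt node.key; do
    echo "constructed $f" > "$demo/gen/node1/$f"
done
cp "$demo/gen/node1"/* "$demo/certs/"
chmod 600 "$demo/certs/node.key"
verify_certs_dir "$demo/gen/node1" "$demo/certs" && echo "certs_dir matches generated set"
rm -rf "$demo"
```

Because both directories hold the same key material when yugabyted generates the certs, the permission check is worth running against the gen_certs_dir copy as well.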