In yugabyted.conf I observed there are two parameters, ‘gen_certs_dir’ and ‘certs_dir’, and wanted to know the key difference between them.
Is ‘gen_certs_dir’ likely used during the initial setup to store SSL/TLS certificates generated by Yugabyte, with these stored in a temporary directory before moving to the final destination?
And
is ‘certs_dir’ the defined path where the SSL/TLS certificates are placed once they are generated, to be used by YugabyteDB for operation?
Can anyone please clarify? Thanks!
Yes @parvez, that is correct.
gen_certs_dir: Directory to store generated certificates. Root certs and node-server certs for the nodes are stored here.
certs_dir: Directory where the node server certs are to be placed and used by yugabyted to start yugabytedb processes.
- Each node-server has its own set of certs, which is generated and stored in gen_certs_dir.
- Then these certs (for each node) are to be copied to a path which will be certs_dir.
Hi @Sanskar_Garg, thank you for providing that information.
Can you please confirm that ‘gen_certs_dir’ and ‘certs_dir’ will have the same content (potential redundancy)? Or, once certs are generated and stored in ‘gen_certs_dir’ (which acts as a temp directory), are these cut/pasted to ‘certs_dir’ (so ‘gen_certs_dir’ is now an empty directory)?
Yes @parvez, the directories will have the same contents if the cert generation is handled by yugabyted.
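
As an added example (not part of the thread and not yugabyted's own code), a shell check that a node's certs_dir still matches what was generated for it under gen_certs_dir, and that key files there are accessible only to their owner. It assumes GEN_DIR is the directory holding one node's generated files and that private keys use a .key suffix; neither is stated in the thread.

```shell
#!/bin/sh
# Added example, not yugabyted code. Assumptions: GEN_DIR holds the files
# generated for ONE node, and private keys end in ".key".

# certs_in_sync GEN_DIR CERTS_DIR
# Returns 0 only if every file generated for the node has a byte-identical
# copy in CERTS_DIR and no key there is accessible to group or others.
certs_in_sync() {
    gen=$1
    live=$2
    rc=0

    for f in "$gen"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if [ ! -f "$live/$name" ]; then
            echo "missing in certs_dir: $name"
            rc=1
        elif ! cmp -s "$f" "$live/$name"; then
            echo "differs from generated copy: $name"
            rc=1
        fi
    done

    for k in "$live"/*.key; do
        [ -f "$k" ] || continue
        # Characters 5-10 of the mode string are the group and other bits.
        mode=$(ls -Lld "$k" | cut -c5-10)
        if [ "x$mode" != "x------" ]; then
            echo "key accessible beyond owner: $(basename "$k")"
            rc=1
        fi
    done

    return "$rc"
}

# Run as: sh check_certs.sh GEN_DIR CERTS_DIR
if [ "$#" -eq 2 ]; then
    certs_in_sync "$1" "$2"
fi
```

A non-zero exit means the copy in certs_dir has drifted from the generated set or a key's permissions are too open.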