ClusterControl Documentation

5.5.9. Security

Note

This feature was introduced in version 1.6.2.

Consolidates cluster-wide security functionality on a single, easily accessible page. In previous versions, cluster-wide security configuration was located under the Cluster Actions menu. The supported security functions are:

  • Client/Server SSL encryption for PostgreSQL-based clusters.

5.5.9.1. SSL Encryption

5.5.9.1.1. Enable

Enables encrypted SSL client-server connections for the database node(s). The transport layer is encrypted using the Transport Layer Security (TLS) protocol. The same certificate is used on all nodes, and the nodes must be restarted for SSL encryption to take effect. Select ‘Restart Nodes’ to perform a rolling restart of the nodes. All keys and certificates are generated using OpenSSL.

5.5.9.1.1.1. Create Certificate

  • Create Certificate
    • Create a self-signed certificate immediately and use it to set up SSL encryption.
  • Certificate Expiration (days)
    • Number of days before the certificate expires and becomes invalid. Default is 1 year (365 days).

5.5.9.1.1.2. Use Existing Certificate

  • Selected Certificate
  • Restart Cluster
    • Restart Nodes - Automatically perform a rolling restart of the nodes after setting up the certificate and key.
    • Do Not Restart Nodes - Do nothing after setting up the certificate and key. The user has to restart the servers manually.
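
Once SSL is enabled and the nodes have been restarted, it is worth checking that clients cannot still connect unencrypted: in PostgreSQL, pg_hba.conf rules of type host match both SSL and non-SSL connections. The following is an added example, not ClusterControl code; the function names and the sample configuration text are constructed for illustration.

```python
import re

TRUE_VALUES = {"on", "true", "yes", "1"}
# pg_hba.conf record types that match TCP connections made without SSL.
PLAINTEXT_TYPES = {"host", "hostnossl", "hostnogssenc"}

def ssl_enabled(postgresql_conf):
    """True if the last uncommented `ssl` setting in postgresql.conf is on."""
    enabled = False  # PostgreSQL ships with ssl = off
    for raw in postgresql_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"ssl(?:\s*=\s*|\s+)'?(\w+)'?$", line, re.IGNORECASE)
        if m:
            enabled = m.group(1).lower() in TRUE_VALUES
    return enabled

def plaintext_rules(pg_hba):
    """Return (line_no, rule) for rules that admit unencrypted TCP clients."""
    findings = []
    for no, raw in enumerate(pg_hba.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in PLAINTEXT_TYPES:
            continue
        # The "address mask method" form puts the method one field later.
        has_mask = "/" not in f[3] and re.fullmatch(
            r"[0-9A-Fa-f:.]*[:.][0-9A-Fa-f:.]*", f[4])
        method = f[5] if has_mask and len(f) > 5 else f[4]
        if method != "reject":
            findings.append((no, " ".join(f)))
    return findings

# Constructed sample files, not taken from a ClusterControl deployment.
SAMPLE_CONF = """\
#ssl = off
ssl = on
ssl_cert_file = 'server.crt'   # constructed file names
ssl_key_file = 'server.key'
"""
SAMPLE_HBA = """\
local     all  all                                peer
hostssl   all  all  10.0.0.0/24                   scram-sha-256
host      all  app  10.0.0.0/24                   md5
host      all  all  192.168.1.10 255.255.255.255  reject
hostnossl all  all  0.0.0.0/0                     reject
"""

if __name__ == "__main__":
    print("ssl enabled in config:", ssl_enabled(SAMPLE_CONF))
    for no, rule in plaintext_rules(SAMPLE_HBA):
        print(f"line {no}: still accepts non-SSL clients: {rule}")
```

The script only reads configuration text; on a live node, running SHOW ssl; in psql confirms that the running server picked up the setting after the restart.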

5.5.9.1.2. Change Certificate

Changes the existing certificate for SSL client-server connections for the database node(s). This feature is only available if you already enabled SSL encryption for this cluster. It loads the same options as mentioned in Create Certificate and Use Existing Certificate respectively.

5.5.9.1.3. Disable

Disables SSL encryption for the cluster. This option is only available if you have enabled SSL encryption.