During installation, ESP encrypts SSL files and
references them in
<node-name>.xml. To indicate that they are
encrypted, the files gain the
.enc extension, becoming
server.key.enc and
server.crt.enc. Encrypt SSL
files only when you configure a new node or cluster (before you start it), or when you need
to re-encrypt SSL files using a new key
file. By default,
ESP looks for encrypted and unencrypted SSL files in
ESP_HOME/cluster/keys/<cluster-name>.
The
ESP
installer provides only encrypted SSL
files.
To configure SSL files for a new cluster, either:
- Use OpenSSL
or a similar toolkit to
generate
your own server.key and server.crt in
privacy enhanced mail (PEM) format, or;
- Copy existing SSL files to the new cluster, then use a new cluster key file to
re-encrypt the files.