Hi Guys, we are using Couchbase Enterprise 4.1.2, we plan to configure our couchbase to use private CA instead of self-signed certificate, I read through the document and am able to find a nice document about using couchbase-cli and REST API to upload and install X.509 certificate, but unfortunately, it seems to support only 4.5+(Am I correct? I can actually find the usage of REST in 4.1 document, https://developer.couchbase.com/documentation/server/4.1/rest-api/rest-endpoints-all.html, but from my testing, the resource is not available…)
My question is, basing on what said above, do we have any manual process documented somewhere to install private CA as cluster certificate and node certificate instead of using couchbase-cli/REST?
https://developer.couchbase.com/documentation/server/4.1/rest-api/rest-endpoints-all.html
The two resources below are available for Couchbase Enterprise 4.1.x? seriously?
POST /controller/uploadClusterCA Uploads a pem-encoded root certificate (cluster CA) to the cluster. none
POST /node/controller/reloadCertificate Takes a certificate/key from the specified directory and applues them to the node. password, chain.pem, pkey.pem
Hi Sanquanfeng,
First of all, thank you for your feedback!
The X.509 feature was introduced in version 4.5 of Couchbase Server. X.509 based client-server encryption is a EE only Couchbase feature.
Please check out this blog : https://blog.couchbase.com/securing-couchbase-using-lets-encrypt-x-509-certificates/ to a walk-through of using X.509 certificates and configuring it with an CA authority like let’s encrypt.
Thank you,
Don Pinto
Couchbase Server, PM Team
Hi Don, thanks for your feedback.
I found that nice post. we are now using 4.1.2 EE. and would like to get some idea on how to do the same with this version(4.1.2).