Certificate Management API
The REST API can be used to manage the root and node certificates of a cluster.
Couchbase Server supports the use of x.509 certificates, for clients and servers. The REST API allows the server certificates to be managed. Server certificates are of two kinds:
Root certificates. A single root certificate exists for each cluster. This certificate, which is sometimes referred to as the cluster certificate, contains the public key of a Certificate Authority (CA). Programs that wish to interact securely with Couchbase Server must elect to trust this CA.
Node certificates. One node certificate exists for, and is installed on each node in the cluster. This certificate is signed by the root certificate (or by an intermediate certificate that itself has gained authority from the root), and is itself therefore granted the authority of the CA. Clients that contact the node can determine the identity of the CA by examining the node certificate, and verifying its signature chain to the root certificate.
The Couchbase Server REST API supports certificate management as follows:
The current root certificate can be retrieved and examined; and can be used to gather information on the cluster. A new root certificate can be uploaded. See Upload and Retrieve the Root Certificate.
The current certificate for a specific node can be retrieved and examined. A new node certificate can be uploaded. See Upload and Retrieve a Node Certificate.
All certificates — root and node — can be regenerated (that is, restored to their automatically provided default values). See Regenerate All Certificates.