Certificate Management API

    The REST API can be used to manage the root and node certificates of a cluster.

    Performing Certificate Management

    Couchbase Server supports the use of x.509 certificates, for clients and servers. The REST API allows the server certificates to be managed. Server certificates are of two kinds:

    • Root certificates. A single root certificate exists for each cluster. This certificate, which is sometimes referred to as the cluster certificate, contains the public key of a Certificate Authority (CA). Programs that wish to interact securely with Couchbase Server must elect to trust this CA.

    • Node certificates. One node certificate exists for, and is installed on each node in the cluster. This certificate is signed by the root certificate (or by an intermediate certificate that itself has gained authority from the root), and is itself therefore granted the authority of the CA. Clients that contact the node can determine the identity of the CA by examining the node certificate, and verifying its signature chain to the root certificate.

    A complete overview of certificate management for Couchbase Server is provided in Certificates. Examples of certificate creation and deployment are provided in Manage Certificates.

    The REST API for Certificate Management

    The Couchbase Server REST API supports certificate management as follows: