Generate SSL certificates
CockroachDB prioritizes secure communication between nodes and clients. To ensure data protection, we’ll be using SSL certificates, so let’s generate them. Here are the steps:
1. Create directories for certificates and keys.
mkdir certs keys
2. The CA key will be used while creating certificates for nodes and clients, it forms the basis of trust in your cluster. Use the ‘cockroach cert‘ command:
cockroach cert create-ca --certs-dir=certs --ca-key=keys/ca.key
3. Each node requires its node certificates and keys, use the ‘cockroach cert’ command to generate them:
cockroach cert create-node localhost $(hostname) --certs-dir=certs --ca-key=keys/ca.key
Note that since we’ll be running a local cluster, all nodes will have the same hostname i.e. localhost hence we’ll need only one certificate. For multi-machine clusters, generate certificates for each node.
4. Create a certificate for your root user:
cockroach cert create-client root --certs-dir=certs --ca-key=keys/ca.key
How to Install CockroachDB Cluster on Debian 12
Debian 12 is a versatile and robust operating system ideal for hosting various applications, including distributed databases like CockroachDB. In this guide, we’ll walk through the process of installing and setting up a CockroachDB cluster on Debian 12. CockroachDB is a scalable, distributed SQL database designed for cloud-native applications, and installing it on Debian 12 provides a reliable foundation for building resilient and high-performance database clusters.