Galera Certificate

XCO uses SSL encryption for the communication between the nodes in a multi-node deployment.

XCO uses the MariaDB and Galera services to implement an HA deployment.

MariaDB and Galera – The registrations and configurations for devices, fabrics, and tenants in XCO are stored in a group of databases that are managed by MariaDB. Two nodes operate on a single MariaDB server and utilize Galera clustering technology to synchronize the business state in between the two nodes during standard operation.

When deploying the XCO cluster with multiple nodes, Galera components are automatically configured to communicate over SSL. This SSL configuration does not affect the communication between the cluster servers and their clients. During installation, the SSL configuration generates certificates for the Galera servers. These certificates are signed by the XCO Intermediate CA certificate and remain valid for three years from the date of installation. Upgrades reset the certificate validity period, and there's no downtime when renewing these certificates.

Location

TPVM: /apps/efadata/galera/galera.pem
Server: /opt/efadata/galera/galera.pem

Renewal

To renew Galera certificates, use the efa certificate server renew command.

For information about commands and supported parameters to renew Galera certificates, see . ExtremeCloud Orchestrator Command Reference, 3.5.0