Initializing Standalone Key Trustee Server

If you are configuring high availability Key Trustee Servers, skip this step and proceed to Cloudera Navigator Key Trustee Server High Availability.

Using Cloudera Manager

Add the Key Trustee Server service to your cluster, following the instructions in Adding a Service. When customizing role assignments, assign only the Active Key Trustee Server and Active Database roles.

Using the Command Line

To initialize a standalone Key Trustee Server, run the following commands on the Key Trustee Server:
$ sudo -u keytrustee ktadmin init --logdir /var/log/keytrustee --external-address keytrustee.example.com
$ sudo -u keytrustee ktadmin db --bootstrap --port 11381 --pg-rootdir /var/lib/keytrustee/db
$ sudo /etc/init.d/keytrusteed start

Replace keytrustee.example.com with the fully-qualified domain name (FQDN) of the Key Trustee Server, and /var/lib/keytrustee/db with the path to the directory you want to use to store the PostgreSQL database.

The ktadmin init command initializes the Key Trustee configuration directory (/var/lib/keytrustee/.keytrustee by default) and generates a self-signed certificate that Key Trustee Server uses for HTTPS communication.

The ktadmin db --bootstrap command initializes the database in the directory specified by the --pg-rootdir parameter.

The sudo /etc/init.d/keytrusteed start command starts Key Trustee Server.
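Because ktadmin init generates a self-signed certificate, clients have no CA chain to rely on, so it is worth confirming that the certificate names the FQDN passed to --external-address and recording its fingerprint before clients are pointed at the server. The following script is an added example, not part of the Cloudera tooling. It assumes the openssl command-line tool is installed and that you supply the path to the certificate in PEM form, since this page does not state where ktadmin stores it; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Cloudera's code. The certificate path is an argument:
# this page does not say where ktadmin init writes the certificate.

# Print "self-signed" when subject and issuer names are identical.
cert_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    if [ "$subj" = "$iss" ]; then echo self-signed; else echo ca-signed; fi
}

# Succeed only if the certificate is valid for the FQDN clients will use.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeed only if the certificate has not expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# SHA-256 fingerprint, for comparison on clients over a separate channel.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# usage: audit_cert CERT.pem EXPECTED_FQDN ; returns 1 on any failed check
audit_cert() {
    rc=0
    kind=$(cert_kind "$1") || { echo "cannot parse $1" >&2; return 2; }
    echo "type:    $kind"
    echo "sha256:  $(cert_fingerprint "$1")"
    if cert_matches_host "$1" "$2"; then echo "name:    matches $2"
    else echo "name:    does NOT match $2"; rc=1; fi
    if cert_not_expired "$1"; then echo "expiry:  ok"
    else echo "expiry:  EXPIRED"; rc=1; fi
    return $rc
}

# Constructed sample input: a throwaway self-signed certificate for a dry run.
# usage: make_sample_cert OUT.pem FQDN
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

if [ "$#" -eq 2 ]; then audit_cert "$1" "$2"; fi
```

Run it with the certificate path and the FQDN as its two arguments. After replacing the certificate with a CA-signed one, the type line should change to ca-signed.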

(Optional) Replace Self-Signed Certificate with CA-Signed Certificate

If you have a CA-signed certificate for Key Trustee Server, see Managing Key Trustee Server Certificates for instructions on how to replace the self-signed certificate.