4.6. TLS Erlang Distribution

    This section describes how to enable TLS distribution for additional verification and security.

    Reference: Using TLS for Erlang Distribution

    For TLS to work properly, at least one public key and one certificate must be specified. In the following example (couch_ssl_dist.conf), the PEM file contains the and its private key.

    The following command is an example of generating a certificate (PEM) file.

    1. $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
    2. $ cat key.pem cert.pem > erlserver.pem && rm key.pem cert.pem

    Note

    This is not an endorsement of a specific expiration limit, key size or algorithm.

    The no_tls flag can have these values:

    1. Use TLS only, set to false (default value), such as:

    2. Use TCP only, set to true, such as:

    Start Erlang using a remote shell connected to Node.

    • If the node uses TCP:

      1. $ ./remsh

    • If the node uses TLS: