see on GitHub

Operations: Server: How to Generate a Client Certificate

You can generate a client certificate using CreateClientCertificateOperation.

Syntax

public CreateClientCertificateOperation(String name,
                                        Map<String, DatabaseAccess> permissions,
                                        SecurityClearance clearance)

public CreateClientCertificateOperation(String name,
                                        Map<String, DatabaseAccess> permissions,
                                        SecurityClearance clearance,
                                        String password)

public enum SecurityClearance {
    UNAUTHENTICATED_CLIENTS,
    CLUSTER_ADMIN,
    CLUSTER_NODE,
    OPERATOR,
    VALID_USER
}

public enum DatabaseAccess {
    READ_WRITE,
    ADMIN
}

Parameters
name String Name of a certificate
permissions Map<String, DatabaseAccess> Map with database to access level mapping
clearance SecurityClearance Access level
password String Optional certificate password, default: no password
Return Value
RawData client certificate raw data

Example I

// With user role set to Cluster Administrator or Operator the user of this certificate
// is going to have access to all databases

CreateClientCertificateOperation operation = new CreateClientCertificateOperation("admin",
    null, SecurityClearance.OPERATOR);
CertificateRawData certificateRawData = store.maintenance().server().send(operation);
byte[] certificatesZipped = certificateRawData.getRawData();

Example II

// when security clearance is ValidUser, you need to specify per database permissions
CreateClientCertificateOperation operation = new CreateClientCertificateOperation("user1",
    Collections.singletonMap("Northwind", DatabaseAccess.ADMIN),
    SecurityClearance.VALID_USER,
    "myPassword");

CertificateRawData certificateRawData = store.maintenance().server().send(operation);
byte[] certificateZipped = certificateRawData.getRawData();