Skip to Navigation
Operations: Server: How to Generate a Client Certificate
-
You can generate a client certificate using CreateClientCertificateOperation.
-
Learn the rationale needed to properly define client certificates in The RavenDB Security Authorization Approach
Usage
const cert1 = await store.maintenance.server.send(
new CreateClientCertificateOperation([name], [permissions], [clearance], [password]));SecurityClearance options:
UnauthenticatedClientsClusterAdminClusterNodeOperatorValidUser
DatabaseAccess options:
ReadWriteAdmin
| Parameters | ||
|---|---|---|
| name | string | Name of a certificate |
| permissions | Record<string, DatabaseAccess> | Record mapping databases to access level |
| clearance | SecurityClearance | Access level |
| password | string | Optional certificate password, default: no password |
| Return Value | |
|---|---|
| RawData | client certificate raw data |
Example I
// With user role set to Cluster Administrator or Operator the user of this certificate
// is going to have access to all databases
const clientCertificateOperation = await store.maintenance.server.send(
new CreateClientCertificateOperation("admin", {}, "Operator"));
const certificateRawData = clientCertificateOperation.rawData;Example II
// when security clearance is ValidUser, you need to specify per database permissions
const clearance = {
[store.database]: "ReadWrite"
};
}
t clientCertificateOperation = await store.maintenance.server.send(
new CreateClientCertificateOperation("user1", clearance, "ValidUser", "myPassword"));
t certificateRawData = clientCertificateOperation.rawData;
Related Articles