CockroachDB has been on my to-check-out list for a very long time. So during this break, I want to spend sometimes to get familiar with it. Who know, maybe it be also be used at work.
I’m checking it out their Rust sample program. In that program, the user’s credential used to connect to the database is done with certificate. So, I need to know how to do generate a user (or also known as client) certificate and key.
[kenno@db1 ~]$ cockroach cert create-client \
kenno \
--certs-dir=certs \
--ca-key=my-safe-directory/ca.key
We need to pass the client’s name: kenno in my case and point to the CA’s key ca.key.
To list existing certificates, run cockroach cert list.
[kenno@db1 ~]$ cockroach cert list --certs-dir=certs
Certificate directory: certs
Usage | Certificate File | Key File | Expires | Notes | Error
---------+------------------+------------------+------------+-----------------------------------+--------
CA | ca.crt | | 2031/01/04 | num certs: 1 |
Node | node.crt | node.key | 2025/12/31 | addresses: localhost |
Client | client.kenno.crt | client.kenno.key | 2026/01/01 | user: kenno |
Client | client.root.crt | client.root.key | 2025/12/31 | user: root |
(4 rows)
You can learn more about cockroach cert command here: cockroach cert.