$ mkdir servercertfiles
$ cd servercertfiles
$ mkdir -p {public,private,requests}
$ openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
.......................+++
e is 65537 (0x10001)
$ openssl req -new -x509 -days 3650 -sha256 -key ca.key -out ca.pem \
> -subj "/CN=Couchbase Root CA"
$ openssl genrsa -out private/couchbase.default.svc.key 2048
Generating RSA private key, 2048 bit long modulus
............................+++
.....+++
e is 65537 (0x10001)
$ openssl req -new -key private/couchbase.default.svc.key \
> -out requests/couchbase.default.svc.csr -subj "/CN=Couchbase Server"
$ cat > server.ext <<EOF
> basicConstraints=CA:FALSE
> subjectKeyIdentifier = hash
> authorityKeyIdentifier = keyid,issuer:always
> extendedKeyUsage=serverAuth
> keyUsage = digitalSignature,keyEncipherment
> EOF
$ cp ./server.ext ./server.ext.tmp
$ openssl x509 -CA ca.pem -CAkey ca.key -CAcreateserial -days 365 -req \
> -in requests/couchbase.default.svc.csr \
> -out public/couchbase.default.svc.pem \
> -extfile server.ext.tmp
Signature ok
subject=/CN=Couchbase Server
Getting CA Private Key
$ cd ./public
$ mv couchbase.default.svc.pem chain.pem
$ cd ../private/
$ mv couchbase.default.svc.key pkey.key
$ cd ..
$ sudo mkdir /opt/couchbase/var/lib/couchbase/inbox/
$ sudo cp ./public/chain.pem /opt/couchbase/var/lib/couchbase/inbox/chain.pem
$ sudo cp ./private/pkey.key /opt/couchbase/var/lib/couchbase/inbox/pkey.key
$ ls
ca.key  ca.pem  ca.srl  private  public  requests  server.ext  server.ext.tmp
$ curl -X POST --data-binary "@./ca.pem" \
> http://Administrator:password@10.143.201.101:8091/controller/uploadClusterCA
{"cert":{"type":"uploaded","pem":"-----BEGIN CERTIFICATE-----\nMIIDCzCCAfOgAwIBAgIJAJqsO5NzozuTMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNV\nBAMMEUNvdWNoYmFzZSBSb290IENBMB4XDTIwMDkyODEwMzQyNVoXDTMwMDkyNjEw\nMzQyNVowHDEaMBgGA1UEAwwRQ291Y2hiYXNlIFJvb3QgQ0EwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDA+ZTylz0ajhamN8PeNHgMNuYZ+x0hUkps8Rlj\nfkuRzhdSufk7PfayT70qsKjfPn+a9QIAih4dFmSfkIyhZfc7DqlQoowp3lbxGnOz\nmLEv6t2tFCTId3ww7LiYlsqWl9GGAELtJK2l04WBvhUCmWcMh5C2RFMsvCC7KxVd\n1Owzmj/ABP2xFsbgbiREQxiXdNVmKuMfw2EVqP34DHbNXV/swCH0yYS9uD/va/nz\nWH9kzf7usUTSHxZJyvxo+/7FoGWujUS8mK4tkW1o0nu84fWAnw0ElSjMZeJvogiO\nFZhf6zkd16ei3T7ucNrFxMwqCT3RoyPnsHxUEsAFbXs7VuJdAgMBAAGjUDBOMB0G\nA1UdDgQWBBT++PYzmpNqq7pbMbZrrxwXnnEcXTAfBgNVHSMEGDAWgBT++PYzmpNq\nq7pbMbZrrxwXnnEcXTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBX\nGqPw+HjCrnVn7S7y9KWulzU2fPQd2ARmp6+J4jbCRRintIvz0KCkgefADAPXxVQr\nQcQ09o3mmsdQxqrTDPi5FAAHOTuuKp4aUVYVQPBk2/cIUZMK/gfw8FlVynQDL5+l\ntb5+C57Fi6DnGkUDRGwWDnZwfPqJ47veRGC81oAz3eSAXRZ8itG5BTyRfXMl86vj\nLvW2MdpKQa39xV7NsQkGdTq2dE+JdJNddyZ36tPDzP7rPBgwg5VGiH5P6HbGcs6L\njtZjCG6eWchDo4QhfuQicBVSbuc8HHrloIpzCX0ozks/R2exscDbYciAOpYWd4l1\nBN7wJTkYj/UAkO2/AA0T\n-----END CERTIFICATE-----\n","subject":"CN=Couchbase Root CA","expires":"2030-09-26T03:34:25.000Z"},"warnings":[{"node":"ns_1@10.143.201.101","message":"Certificate is not signed with cluster CA."}]}$ 
$ 
$ curl -X POST \
> http://Administrator:password@10.143.201.101:8091/node/controller/reloadCertificate
$ curl -v https://10.143.201.101:18091/pools/default \
> -u Administrator:password --cacert ./ca.pem 
*   Trying 10.143.201.101...
* Connected to 10.143.201.101 (10.143.201.101) port 18091 (#0)
* found 1 certificates in ./ca.pem
* found 692 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: Couchbase Server (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: CN=Couchbase Server
* 	 start date: Mon, 28 Sep 2020 10:36:41 GMT
* 	 expire date: Tue, 28 Sep 2021 10:36:41 GMT
* 	 issuer: CN=Couchbase Root CA
* 	 compression: NULL
* ALPN, server did not agree to a protocol
* Server auth using Basic with user 'Administrator'
> GET /pools/default HTTP/1.1
> Host: 10.143.201.101:18091
> Authorization: Basic QWRtaW5pc3RyYXRvcjpwYXNzd29yZA==
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< X-XSS-Protection: 1; mode=block
< X-Permitted-Cross-Domain-Policies: none
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< Server: Couchbase Server
< Pragma: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Date: Mon, 28 Sep 2020 10:42:55 GMT
< Content-Type: application/json
< Content-Length: 4541
< Cache-Control: no-cache,no-store,must-revalidate
< 
{"name":"default","nodes":[{"systemStats":{"cpu_utilization_rate":3.260869565217391,"cpu_stolen_rate":0,"swap_total":536866816,"swap_used":47120384,"mem_total":1040723968,"mem_free":194695168,"mem_limit":1040723968,"cpu_cores_available":1,"allocstall":390},"interestingStats":{"cmd_get":0,"couch_docs_actual_disk_size":40625306,"couch_docs_data_size":32304128,"couch_spatial_data_size":0,"couch_spatial_disk_size":0,"couch_views_actual_disk_size":0,"couch_views_data_size":0,"curr_items":31591,"curr_items_tot":31591,"ep_bg_fetched":0,"get_hits":0,"mem_used":52656048,"ops":0,"vb_active_num_non_resident":0,"vb_replica_curr_items":0},"uptime":"1367","memoryTotal":1040723968,"memoryFree":194695168,"mcdMemoryReserved":794,"mcdMemoryAllocated":794,"couchApiBase":"http://10.143.201.101:8092/","couchApiBaseHTTPS":"https://10.143.201.101:18092/","clusterMembership":"active","recoveryType":"none","status":"healthy","otpNode":"ns_1@10.143.201.101","thisNode":true,"hostname":"10.143.201.101:8091","nodeUUID":"9a2c871b546f0a6d327cde7eb0a8f1de","clusterCompatibility":393222,"version":"6.6.0-7910-enterprise","os":"x86_64-unknown-linux-gnu","cpuCount":1,"ports":{"direct":11210,"httpsCAPI":18092,"httpsMgmt":18091,"distTCP":21100,"distTLS":21150},"services":["index","kv","n1ql"],"nodeEncryption":false,"configuredHostname":"10.143.201.101:8091","addressFamily":"inet","externalListeners":[{"afamily":"inet","nodeEncryption":false},{"afamily":"inet6","nodeEncryption":false}]}],"buckets":{"uri":"/pools/default/buckets?v=30812415&uuid=4141295ec0ab6e3fbe0eef8f40ad8524","terseBucketsBase":"/pools/default/b/","terseStreamingBucketsBase":"/pools/default/bs/"},"remoteClusters":{"uri":"/pools/default/remoteClusters?uuid=4141295ec0ab6e3fbe0eef8f40ad8524","validateURI":"/pools/default/remoteClusters?just_validate=1"},"alerts":[],"alertsSilenceURL":"/controller/resetAlerts?uuid=4141295ec0ab6e3fbe0eef8f40ad8524&token=0","controllers":{"addNode":{"uri":"/controller/addNodeV2?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"rebalance":{"uri":"/controller/rebalance?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"failOver":{"uri":"/controller/failOver?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"startGracefulFailover":{"uri":"/controller/startGracefulFailover?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"reAddNode":{"uri":"/controller/reAddNode?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"reFailOver":{"uri":"/controller/reFailOver?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"ejectNode":{"uri":"/controller/ejectNode?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"setRecoveryType":{"uri":"/controller/setRecoveryType?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"setAutoCompaction":{"uri":"/controller/setAutoCompaction?uuid=4141295ec0ab6e3fbe0eef8f40ad8524","validateURI":"/controller/setAutoCompaction?just_validate=1"},"clusterLogsCollection":{"startURI":"/controller/startLogsCollection?uuid=4141295ec0ab6e3fbe0eef8f40ad8524","cancelURI":"/controller/cancelLogsCollection?uuid=4141295ec0ab6e3fbe0eef8f40ad8524"},"replication":{"createURI":"/controller/createReplication?uuid=4141295ec0ab6e3fbe0eef8f40ad8524","validateURI":"/controller/createReplication?just_validate=1"}},"rebalanceStatus":"none","rebalanceProgressUri":"/pools/default/rebalanceProgress","stopRebalanceUri":"/controller/stopRebalance?uuid=4141295ec0ab6e3fbe0eef8f40ad8524","nodeStatusesUri":"/nodeStatuses","maxBucketCount":30,"autoCompactionSettings":{"parallelDBAndViewCompaction":false,"databaseFragmentationThreshold":{"percentage":30,"size":"undefined"},"viewFragmentationThreshold":{"percentage":30,"size":"undefined"},"indexCompactionMode":"circular","indexCircularCompaction":{"daysOfWeek":"Sunday,Monday,Tuesday,Wednesday,Thursday,Friday,Saturday","interval":{"fromHour":0,"toHour":0,"fromMinute":0,"toMinute":0,"abortOutside":false}},"indexFragmentationThreshold":{"percentage":30}},"tasks":{"uri":"/pools/default/tasks?v=57789187"},"counters":{},"indexStatusURI":"/indexStatus?v=104223199","checkPermissionsURI":"/pools/default/checkPermissions?v=QMIxt1d0jJlPZWyW7NAJOmdu%2F%2F4%3D","serverGroupsUri":"/pools/default/serverGroups?v=121188921","clusterName"* Connection #0 to host 10.143.201.101 left intact
:"10.143.201.101","balanced":true,"memoryQuota":256,"indexMemoryQuota":256,"ftsMemoryQuota":256,"cbasMemoryQuota":1024,"eventingMemoryQuota":256,"storageTotals":{"ram":{"total":1040723968,"quotaTotal":268435456,"quotaUsed":104857600,"used":990740480,"usedByData":52656048,"quotaUsedPerNode":104857600,"quotaTotalPerNode":268435456},"hdd":{"total":19966849024,"quotaTotal":19966849024,"used":2795358863,"usedByData":40625306,"free":17171490161}}}$