Connecting to MaxScale using TLS with MaxCtrl
Overview
MaxCtrl is a command-line utility that can perform administrative tasks using MaxScale's MaxScale's REST API. It is possible to connect to MaxScale using TLS with MaxCtrl.
Connecting to MaxScale using TLS
Create a basic or admin user, depending on what kind of user you need:
$ maxctrl create user "maxscale_rest_admin" "maxscale_rest_admin_password" --type=adminReplace maxscale_rest_admin and maxscale_rest_admin_password with the desired user and password.
If you want to use MaxCtrl remotely, configure the REST API for remote connections. Several global parameters must be configured in maxscale.cnf.
Parameter
Description
* This parameter defines the network address that the REST API listens on.
* The default value is 127.0.0.1.
*This parameter defines the network port that the REST API listens on.
* The default value is 8989.
For example:
[maxscale]
...
admin_host = 0.0.0.0
admin_port = 8443Enable TLS for MaxScale's Configure the REST API. Several global parameters must be configured in maxscale.cnf.
Parameter
Description
* This parameter defines the private key used by the REST API.
* This parameter defines the certificate used by the REST API.
*This parameter defines the CA certificate that signed the REST API's certificate.
For example:
[maxscale]
...
admin_ssl_key=/certs/server-key.pem
admin_ssl_cert=/certs/server-cert.pem
admin_ssl_ca_cert=/certs/ca-cert.pemEnsure that the client also has a TLS certificate, a private key, and the CA certificate.
Use MaxCtrl to connect with TLS:
$ maxctrl --secure \
--user=maxscale_rest_admin \
--password=maxscale_rest_admin_password \
--hosts=192.0.2.100:8443
--tls-key=/certs/client-key.pem \
--tls-cert=/certs/client-cert.pem \
--tls-ca-cert=/certs/ca.pemReplace
maxscale_rest_admin and maxscale_rest_admin_passwordwith the actual user and password.
This page is: Copyright © 2025 MariaDB. All rights reserved.
Last updated
Was this helpful?