Changes in TLS options

I wanted to announce a change in FDB’s TLS config options that I’ve made to make using TLS in FDB simpler.

Firstly, the default certificate file path and key file path have changed. Previously, they were both set to /etc/foundationdb/fdb.pem (on Linux). With this change, they are /etc/foundationdb/cert.pem and /etc/foundationdb/key.pem.

In addition, the rules fdbcli uses to set TLS options have changed. Previously, fdbcli would automatically use a file named fdb.pem in your current working directory as your TLS key and certificate even if there existed a file named fdb.pem in your standard configuration directory (i.e. /etc/foundationdb/fdb.pem). This change means that fdbcli will no longer implicitly set up TLS if you have a pem file present; instead, you must explicitly configure fdbcli to use a cert and key file.

FDB documentation previously guided users into creating a certificate and key, combining them into a file named fdb.pem, and then assigning that file as both your cert file and key file. From my perspective, combining these was confusing users more than helping them, so the documentation will now lead users to use separate key and cert files. Note that this is a documentation-only change; using a combined fdb.pem file will work as it did previously.
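
For anyone moving from a combined fdb.pem to the separate cert.pem and key.pem files described above, this is one way to split the file. It is an added example, not part of the original post or FoundationDB's own tooling; the function names and the sample PEM content are constructed for illustration.

```python
import os
import re
import tempfile

# One PEM block: BEGIN line, body, and the END line with the same label.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

# Constructed sample of a combined fdb.pem; bodies are placeholders, not real key material.
SAMPLE = (
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtTEVBRg==\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQtS0VZ\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtQ0E=\n-----END CERTIFICATE-----\n"
)

def split_combined_pem(text):
    """Return (cert_pem, key_pem) from the text of a combined PEM file."""
    certs, keys = [], []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        if label == "CERTIFICATE":
            certs.append(match.group(0))      # keep chain order as found
        elif label.endswith("PRIVATE KEY"):   # PKCS#8, RSA, EC, ENCRYPTED
            keys.append(match.group(0))
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    return "\n".join(certs) + "\n", keys[0] + "\n"

def write_split(combined_path, cert_path, key_path):
    """Write cert_path and key_path from combined_path; the key is owner-only."""
    with open(combined_path, encoding="ascii") as f:
        cert_pem, key_pem = split_combined_pem(f.read())
    with open(cert_path, "w", encoding="ascii") as f:
        f.write(cert_pem)
    # Create the key file with mode 0600 from the start and refuse to
    # overwrite an existing key (O_EXCL), so it is never briefly world-readable.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="ascii") as f:
        f.write(key_pem)

if __name__ == "__main__":
    # Demo in a temporary directory; real paths would be under /etc/foundationdb.
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "fdb.pem")
        with open(src, "w", encoding="ascii") as f:
            f.write(SAMPLE)
        write_split(src, os.path.join(d, "cert.pem"), os.path.join(d, "key.pem"))
        print(sorted(os.listdir(d)))
```

The key file is created readable only by the user running the script, so run it as the account that needs to read the key, or change the file's owner afterwards.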