Generating & Checking TLS Certificates

You have access to a suite of commands that let you manage the ingestion domains registered on your cluster within the CLI, including generating and checking associated domain TLS certificates. Any event ingestion domain you create (instructions) must be registered to your cluster and have a valid TLS certificate in order for MetaRouter to process data.

Installing the MetaRouter CLI (step-by-step guide) is a prerequisite for using any of the commands included below.


Contact the MetaRouter support team if any of the following apply:

  • You have installed MetaRouter on Azure or AWS.
  • You use a special load balancer configuration or proxy.

The CLI will return an error if your organization is unable to use the commands mentioned here. If you are still unsure of whether any of these limitations apply to your organization, please reach out to the MetaRouter support team.

Maximum Domains

Up to 100 domains can be added to a cluster at any given time. If your organization exceeds this number of domains on a cluster, you will not be able to manage domains through the CLI.

Checking Your DNS Record

Prior to creating any domains, you should to see if your DNS Record has registered properly. You will not be able to create a domain until it has registered.

To perform this check, run the following command:

control test domain [your domain]

This command can return three messages:

  • Your domain is registered and ready to use.
  • Your domain has not been registered yet.
  • Your organization’s cluster setup is not compatible with this command.

Creating Your Domain

You can use the MetaRouter CLI to create a domain and issue a TLS certificate for that domain on your cluster. This step is necessary so that MetaRouter knows to route traffic from your domain to your cluster.

To create your domain, run the following command. Be careful when creating your domain- it needs to exactly match the domain you created with your A Record.

control create domain [your domain]

Once this command is run, MetaRouter will provision a TLS certificate. This will allow data to successfully flow into MetaRouter. The provisioning process should take a few minutes, but in cases where many domains are added, it may take up to 24 hours. Please reach out to the MetaRouter support team if your domain takes longer than 24 hours to provision.

Testing Your Certificate

To check whether a TLS certificate has been provisioned, run the following command:

control test tls

If successful, this command will return the certificate that has been created in the cluster. This means that data should be able to flow to your cluster.

Check for All Configured Domains

You may check for all domains you have configured on your cluster. To do so, run the following command:

control get domains

Delete Domains

If you added an incorrect domain or no longer use a domain, you can delete it from your cluster. Be extremely careful! If you delete the wrong domain, you may impact MetaRouter’s ability to collect and route your data.

To delete a domain, run the following command:

control delete domain [your domain]