PowerProtect Data Manager 19.9 Security Configuration Guide

Manual certificate replacement

The recommended methods for replacing the security certificates may not apply to some environments that require additional precautions. The following topics describe additional manual methods to replace the default self-signed security certificates for PowerProtect Data Manager with certificates from an approved authority, if the recommended methods do not apply.

Review the guidance in Virtual networks. Use a secure method to transfer the certificates and keys to the PowerProtect Data Manager server.

Complete the prerequisites in Certificate replacement prerequisites.

Manual certificate replacement topics use the following filename placeholders and naming conventions for the required certificates and keystores:

• custom.pem—A public certificate chain in PEM format, signed by a Certificate Authority (CA).
• customkey.pem—The corresponding private key in PKCS#1 (RSA) PEM format.

Optionally:

• custom.keystore—A Java keystore with the private key and public certificate, signed by a CA.
• globalca.pem—The root certificate for the CA that signed the public certificate.

Complete Prepare a public certificate and private key from a keystore as necessary to prepare the required files in the proper formats. Then use the REST API to replace the security certificates by completing Manually install a custom security certificate through the REST API.