A default installation of
PowerProtect Data Manager creates self-signed security certificates that secure communication with other components. As you configure the server and add assets,
PowerProtect Data Manager stores additional certificates for each component.
The
Administrator and
Security Administrator roles can review the
Administration > Certificates page in the UI. This page contains three tabs that list the installed security certificates. Each tab provides information about certificate uses, expiry dates, issuers, and so forth.
Using descriptive hostnames and fully qualified domain names for each application agent or external component aids in matching security certificates to assets or systems. You can compare the values in the
Host column for the certificates to the hostnames and addresses for asset sources,
protection storage, and so forth. Common names are arbitrary strings of characters but frequently include hostnames and IP addresses, especially for external components.
Internal components
The certificates on the
Internal tab secure access to components that are part of the
PowerProtect Data Manager server, such as the UI and REST API:
ppdmserver holds the certificate that
PowerProtect Data Manager presents to secure communication with the UI and the REST API.
restserver holds the default self-signed certificates from deployment.
Certificate management provides instructions to replace the default self-signed security certificates on the
Internal tab with certificates from an approved certificate authority (CA) of your choice.
If you replace the self-signed certificates,
PowerProtect Data Manager replaces the
ppdmserver and
restserver certificates with a new certificate called
custom. This single entry holds the host certificate that you provided during replacement. Both the UI and the REST API use the
custom certificate.
Application agents
The certificates on the
Application Agents tab secure access to the agents, which are under the control of
PowerProtect Data Manager but exist outside the server. Application agents create certificate signing requests during the registration process to obtain signed security certificates from
PowerProtect Data Manager. This list shows application agents that have received signed certificates.
The process of creating an application agent certificate incorporates information about the asset source fully qualified domain name and IP address. The agent provides a unique common name during the signing request.
External components
The certificates on the
External Servers tab secure access to components or systems that are beyond the control of the server, but where you have approved the communication.
For example, directory services and protection storage systems that provide services to
PowerProtect Data Manager are external components.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\