The recommended methods for replacing the security certificates may not apply to some environments that require additional precautions. The following topics describe additional manual methods to replace the default self-signed security certificates for
PowerProtect Data Manager with certificates from an approved authority, if the recommended methods do not apply.
Review the guidance in
Virtual networks. Use a secure method to transfer the certificates and keys to the
PowerProtect Data Manager server.
Manual certificate replacement topics use the following filename placeholders and naming conventions for the required certificates and keystores:
custom.pem—A public certificate chain in PEM format, signed by a Certificate Authority (CA).
customkey.pem—The corresponding private key in PKCS#1 (RSA) PEM format.
Optionally:
custom.keystore—A Java keystore with the private key and public certificate, signed by a CA.
globalca.pem—The root certificate for the CA that signed the public certificate.