Welcome

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Sign Out

Welcome to Dell

My Account

Place orders quickly and easily
View orders and track your shipping status
Enjoy members-only rewards and discounts
Create and access a list of your products
Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

US/EN

Cart

Your Dell.com Carts

Products
Solutions
Services
Contact Us

Support
Product Support
Manuals

PowerProtect Data Manager 19.10 Security Configuration Guide

Notes, cautions, and warnings
Disclaimer
Preface
Introduction
Authentication
Authorization
Log Settings
- Authentication Server logging
- Add a log bundle
Network and Communication Security Settings
Data Security Settings
Cryptography
- Security certificates
- Certificate management
Security Updates and Patching
- Security updates and patching
- Update the Velero or OADP version used by PowerProtect Data Manager
Authenticity and Integrity
- About product authenticity and integrity
- Verification
Miscellaneous Configuration and Management Elements
REST API Procedures
- Manual certificate replacement
  - Prepare a public certificate and private key from a keystore
  - Manually install a custom security certificate through the REST API
- Configure password complexity and expiration through the REST API

PDF

Loading, Please wait

Security certificates

A default installation of PowerProtect Data Manager creates self-signed security certificates that secure communication with other components. As you configure the server and add assets, PowerProtect Data Manager stores additional certificates for each component.

The Administrator and Security Administrator roles can review the Administration > Certificates page in the UI. This page contains three tabs that list the installed security certificates. Each tab provides information about certificate uses, expiry dates, issuers, and so forth.

Using descriptive hostnames and fully qualified domain names for each application agent or external component aids in matching security certificates to assets or systems. You can compare the values in the Host column for the certificates to the hostnames and addresses for asset sources, protection storage, and so forth. Common names are arbitrary strings of characters but frequently include hostnames and IP addresses, especially for external components.

Internal components

The certificates on the Internal tab secure access to components that are part of the PowerProtect Data Manager server, such as the UI and REST API:

ppdmserver holds the certificate that PowerProtect Data Manager presents to secure communication with the UI and the REST API.
restserver holds the default self-signed certificates from deployment.

Certificate management provides instructions to replace the default self-signed security certificates on the Internal tab with certificates from an approved certificate authority (CA) of your choice.

If you replace the self-signed certificates, PowerProtect Data Manager replaces the ppdmserver and restserver certificates with a new certificate called custom. This single entry holds the host certificate that you provided during replacement. Both the UI and the REST API use the custom certificate.

Application agents

The certificates on the Application Agents tab secure access to the agents, which are under the control of PowerProtect Data Manager but exist outside the server. Application agents create certificate signing requests during the registration process to obtain signed security certificates from PowerProtect Data Manager. This list shows application agents that have received signed certificates.

The process of creating an application agent certificate incorporates information about the asset source fully qualified domain name and IP address. The agent provides a unique common name during the signing request.

External components

The certificates on the External Servers tab secure access to components or systems that are beyond the control of the server, but where you have approved the communication.

For example, directory services and protection storage systems that provide services to PowerProtect Data Manager are external components.

Data is not available for the Topic

Rate this content

All fields are required unless marked otherwise.

Accurate

not accurate

somewhat accurate

mostly accurate

accurate

very accurate

Useful

not useful

somewhat useful

mostly useful

useful

very useful

Easy to understand

not easy

somewhat easy

mostly easy

easy

very-easy

Was this article helpful?

Yes

Send us feedback (Optional)

0/3000 characters

Comments cannot contain these special characters: <>()\

Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.

Please provide ratings (1-5 stars).

Please select whether the article was helpful or not.

Comments cannot contain these special characters: <>()\

US/EN

Site Map

Account

My Account
Order Status
Profile Settings
My Products
Make a Payment
Dell Rewards Balance

Support

Support Home
Contact Technical Support
Returns

Connect with Us

Community
Contact Us
X (Twitter)
LinkedIn
Instagram
YouTube

Site Map

US/EN

Our Offerings

Artificial Intelligence
Products
Solutions
Services
Deals

Our Company

Who We Are
Careers
Dell Technologies Capital
Investors
Newsroom
Perspectives
Recycling
ESG & Impact
Customer Stories

Our Partners

Find a Partner
Find a Reseller
OEM Solutions
Partner Program

Resources

Blog
Dell Rewards
Events
Email Sign-Up
Dell Learning Center
Privacy Center
Resource Library
Security & Trust Center
Trial Software Downloads

Dell Technologies
Dell Premier
Dell Financial Services

Terms of Sale
Privacy Statement
Do Not Sell or Share My Personal Information
Cookies, Ads & Emails
Legal & Regulatory
Accessibility
Anti-Slavery, Human Trafficking & Child Labor