Certificate Requirements
The following table outlines the certificate requirements for various components within the ESA infrastructure:
| S.No. | Certificate | CN | SAN | Cert Type | Comments |
| 1 | CA | As per industry standards | NA | CA | NA |
| 2 | ESA Management – Server | FQDN of ESA where it is applied | Hostname and FQDN of ESA where it is applied | Server | Each ESA would have its own unique server certificate. |
| 3 | ESA Management – Client | Protegrity Client | NA | Client | Each ESA would have its own unique client certificate. |
| 4 | Consul Server | server.<datacenter name>.<domain> | 127.0.0.1, hostname and FQDN of ESA where it is applied | Server | Each ESA would have its own unique server certificate. The domain and datacenter name must be equal to the value mentioned in the config.json file. For example, server.ptydatacenter.protegrity. Skip this certificate if Consul is uninstalled and traditional TAC is being used. |
| 5 | Audit Store – Server | insights_cluster | Hostname and FQDN of all the ESAs in the Audit Store Cluster | Server | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 6 | Audit Store – Client | es_security_admin | NA | Client | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 7 | Audit Store REST – Server | Use same certificate created in entry 5 | Use same certificate created in entry 5 | Server | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 8 | Audit Store REST – Client | es_admin | NA | Client | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 9 | Audit Store PLUG – Client | plug | NA | Client | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 10 | Audit Store Analytics – Client | insight_analytics | NA | Client | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 11 | DSG Management-Server | FQDN of DSG where it is applied | Hostname and FQDN of DSG where it is applied | Server | Each DSG would have its own unique server certificate. |
| 12 | DSG Admin Tunnel – Server Certificate | FQDN of DSG where it is applied | Hostname and FQDN of DSG where it is applied | Server | Each DSG would have its own unique server certificate. |
| 13 | DSG Tunnel – Client Certificate | ProtegrityClient | NA | Client | CN value is configurable in gateway.json |
The following table provides an example based on the recommended deployment architecture described in the section Model Architecture.
| S.No. | Certificate | Node | CN | SAN | Cert Type |
| 1 | CA | | As per industry standards | NA | CA |
| 2 | ESA Management – Server | ESA P1 | ESAP1.protegrity.com | ESAP1.protegrity.com | Server |
| 2 | ESA Management – Server | ESA S1 | ESAS1.protegrity.com | ESAS1.protegrity.com | Server |
| 2 | ESA Management – Server | ESA S2 | ESAS2.protegrity.com | ESAS2.protegrity.com | Server |
| 2 | ESA Management – Server | ESA S3 | ESAS3.protegrity.com | ESAS3.protegrity.com | Server |
| 2 | ESA Management – Server | ESA S4 | ESAS4.protegrity.com | ESAS4.protegrity.com | Server |
| 2 | ESA Management – Server | ESA S5 | ESAS5.protegrity.com | ESAS5.protegrity.com | Server |
| 3 | ESA Management – Client | | Protegrity Client | NA | Client |
| 4 | Consul Server | ESA P1 | server.ptydatacenter.protegrity | ESAP1.protegrity.com | Server |
| 4 | Consul Server | ESA S1 | server.ptydatacenter.protegrity | ESAS1.protegrity.com | Server |
| 4 | Consul Server | ESA S2 | server.ptydatacenter.protegrity | ESAS2.protegrity.com | Server |
| 4 | Consul Server | ESA S3 | server.ptydatacenter.protegrity | ESAS3.protegrity.com | Server |
| 4 | Consul Server | ESA S4 | server.ptydatacenter.protegrity | ESAS4.protegrity.com | Server |
| 4 | Consul Server | ESA S5 | server.ptydatacenter.protegrity | ESAS5.protegrity.com | Server |
| 5 | Audit Store – Server | ESA P1 (Audit Store Cluster - Primary Site) | insights_cluster | ESAP1.protegrity.com, ESAS1.protegrity.com, ESAS2.protegrity.com | Server |
| 5 | Audit Store – Server | ESA S1 (Audit Store Cluster - Primary Site) | insights_cluster | ESAP1.protegrity.com, ESAS1.protegrity.com, ESAS2.protegrity.com | Server |
| 5 | Audit Store – Server | ESA S2 (Audit Store Cluster - Primary Site) | insights_cluster | ESAP1.protegrity.com, ESAS1.protegrity.com, ESAS2.protegrity.com | Server |
| 5 | Audit Store – Server | ESA S3 (Audit Store Cluster - DR Site) | insights_cluster | ESAS3.protegrity.com, ESAS4.protegrity.com, ESAS5.protegrity.com | Server |
| 5 | Audit Store – Server | ESA S4 (Audit Store Cluster - DR Site) | insights_cluster | ESAS3.protegrity.com, ESAS4.protegrity.com, ESAS5.protegrity.com | Server |
| 5 | Audit Store – Server | ESA S5 (Audit Store Cluster - DR Site) | insights_cluster | ESAS3.protegrity.com, ESAS4.protegrity.com, ESAS5.protegrity.com | Server |
| 6 | Audit Store – Client | | es_security_admin | NA | Client |
| 7 | Audit Store REST – Server | | Use same certificate created in entry 5 | Use same certificate created in entry 5 | Server |
| 8 | Audit Store REST – Client | | es_admin | NA | Client |
| 9 | Audit Store PLUG – Client | | plug | NA | Client |
| 10 | Audit Store Analytics – Client | | insight_analytics | NA | Client |
| 11 | DSG Management-Server | | FQDN of DSG where it is applied | Hostname and FQDN of DSG where it is applied | Server |
| 12 | DSG Admin Tunnel – Server Certificate | | FQDN of DSG where it is applied | Hostname and FQDN of DSG where it is applied | Server |
| 13 | DSG Tunnel – Client Certificate | | ProtegrityClient | NA | Client |
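As an added illustration (not part of the vendor documentation or tooling), the following script builds key and CSR pairs with OpenSSL for entries 4, 5 and 6 of the example table and checks the decoded CSR before it goes to the CA. The RSA 2048 key size, the mapping of the Server/Client cert type to the serverAuth/clientAuth extended key usage, the output file names and the short hostname ESAP1 are assumptions.

```shell
# Added example, not vendor tooling. Assumptions: RSA 2048 keys, cert type
# mapped to serverAuth/clientAuth EKU, "ESAP1" as the short hostname of ESA P1.

# make_csr <outdir> <name> <server|client> <CN> [SAN entries in OpenSSL syntax]
make_csr() {
  local outdir="$1" name="$2" type="$3" cn="$4" eku san="" entry
  shift 4
  case "$type" in
    server) eku=serverAuth ;;
    client) eku=clientAuth ;;
    *) echo "unknown cert type: $type" >&2; return 2 ;;
  esac
  # Every server entry in the table lists SAN values; client entries say NA.
  if [ "$type" = server ] && [ $# -eq 0 ]; then
    echo "$name: server certificate needs at least one SAN" >&2; return 2
  fi
  for entry in "$@"; do san="${san:+$san,}$entry"; done
  mkdir -p "$outdir" || return 1
  {
    printf '[req]\nprompt = no\ndistinguished_name = dn\nreq_extensions = ext\n'
    printf '[dn]\nCN = %s\n' "$cn"
    printf '[ext]\nextendedKeyUsage = %s\n' "$eku"
    if [ -n "$san" ]; then printf 'subjectAltName = %s\n' "$san"; fi
  } > "$outdir/$name.cnf"
  # The private key stays on the node (mode 600); only the .csr goes to the CA.
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -config "$outdir/$name.cnf" \
      -keyout "$outdir/$name.key" -out "$outdir/$name.csr" 2>/dev/null )
}

# csr_has <csr file> <literal text>: true if the decoded CSR contains the text.
csr_has() { openssl req -in "$1" -noout -text | grep -qF -- "$2"; }

OUT=$(mktemp -d)
# Entry 4, Consul Server on ESA P1: fixed CN; loopback, hostname and FQDN in SAN.
make_csr "$OUT" consul-esap1 server server.ptydatacenter.protegrity \
  IP:127.0.0.1 DNS:ESAP1 DNS:ESAP1.protegrity.com
# Entry 5, Audit Store server, primary site: one shared cert with all three FQDNs.
make_csr "$OUT" auditstore-primary server insights_cluster \
  DNS:ESAP1.protegrity.com DNS:ESAS1.protegrity.com DNS:ESAS2.protegrity.com
# Entry 6, Audit Store client: CN only, no SAN.
make_csr "$OUT" auditstore-client client es_security_admin
echo "CSRs written to $OUT"
```

Running `csr_has "$OUT/consul-esap1.csr" "IP Address:127.0.0.1"` before submission catches a missing loopback SAN early, which is cheaper to find here than after the certificate has been issued and deployed.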