Certificate Requirements
The following table outlines the certificate requirements for various components within the ESA infrastructure:
| S.No. | Certificate | CN | SAN | Cert Type | Comments |
|---|---|---|---|---|---|
| 1 | CA | As per industry standards | NA | CA | NA |
| 2 | ESA Management – Server | FQDN of ESA where it is applied | Hostname and FQDN of ESA where it is applied | Server | Each ESA would have its own unique server certificate. |
| 3 | ESA Management – Client | Protegrity Client | NA | Client | Each ESA would have its own unique client certificate. |
| 4 | Consul Server | server.<datacenter name>.<domain> | 127.0.0.1, Hostname and FQDN of ESA where it is applied | Server | Each ESA would have its own unique server certificate. The domain and datacenter name must be equal to the values mentioned in the config.json file. For example, server.ptydatacenter.protegrity. Skip this certificate if Consul is uninstalled and traditional TAC is being used. |
| 5 | Audit Store – Server | insights_cluster | Hostname and FQDN of all the ESAs in the Audit Store Cluster | Server | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 6 | Audit Store – Client | es_security_admin | NA | Client | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 7 | Audit Store REST – Server | Use same certificate created in entry 5 | Use same certificate created in entry 5 | Server | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 8 | Audit Store REST – Client | es_admin | NA | Client | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 9 | Audit Store PLUG – Client | plug | NA | Client | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 10 | Audit Store Analytics – Client | insight_analytics | NA | Client | All the ESAs in the Audit Store Cluster should share the same certificate. |
| 11 | DSG Management-Server | FQDN of DSG where it is applied | Hostname and FQDN of DSG where it is applied | Server | Each DSG would have its own unique server certificate. |
| 12 | DSG Admin Tunnel – Server Certificate | FQDN of DSG where it is applied | Hostname and FQDN of DSG where it is applied | Server | Each DSG would have its own unique server certificate. |
| 13 | DSG Tunnel – Client Certificate | ProtegrityClient | NA | Client | CN value is configurable in gateway.json |
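
The Consul Server row (entry 4) ties the certificate CN to values in config.json, so it is the easiest one to get wrong. The following check is an added example, not Protegrity code: it assumes config.json uses Consul's standard `datacenter` and `domain` keys and that the certificate has been decoded into the dict form returned by Python's `ssl.SSLSocket.getpeercert()`; the host names `esa1` and `esa1.example.com` are constructed sample values.

```python
import json

# Constructed sample: a config.json fragment and a certificate in the dict
# form returned by ssl.SSLSocket.getpeercert(). Key names are an assumption.
SAMPLE_CONFIG = '{"datacenter": "ptydatacenter", "domain": "protegrity"}'
SAMPLE_CERT = {
    "subject": ((("commonName", "server.ptydatacenter.protegrity"),),),
    "subjectAltName": (
        ("IP Address", "127.0.0.1"),
        ("DNS", "esa1"),
        ("DNS", "esa1.example.com"),
    ),
}


def common_name(cert):
    """Return the first commonName in the subject, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_consul_server_cert(cert, config_text, hostname, fqdn):
    """Return a list of deviations from the Consul Server row (entry 4)."""
    cfg = json.loads(config_text)
    problems = []
    # CN must be server.<datacenter name>.<domain> as set in config.json.
    expected_cn = "server.{}.{}".format(cfg["datacenter"], cfg["domain"])
    cn = common_name(cert)
    if cn != expected_cn:
        problems.append("CN is {!r}, expected {!r}".format(cn, expected_cn))
    # SAN must carry 127.0.0.1 plus the ESA's hostname and FQDN.
    sans = cert.get("subjectAltName", ())
    ips = {v for k, v in sans if k == "IP Address"}
    dns = {v.lower() for k, v in sans if k == "DNS"}
    if "127.0.0.1" not in ips:
        problems.append("SAN is missing IP 127.0.0.1")
    for name in (hostname, fqdn):
        if name.lower() not in dns:
            problems.append("SAN is missing DNS name {!r}".format(name))
    return problems


if __name__ == "__main__":
    print(check_consul_server_cert(SAMPLE_CERT, SAMPLE_CONFIG,
                                   "esa1", "esa1.example.com"))
```

An empty list means the certificate matches the row; each string in a non-empty list names one field to correct before the certificate is applied.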