SSL Certificates

The use of secured socket layer (aka SSL) prevents a man-in-the-middle from tampering or eavesdropping the communication between two parties. Though it may not be a requirement it is certainly a best practice to secure all communication channels that may be used to transmit sensitive data. The DSG’s function is to transform data transmitted through it. To achieve that over a secured communication channel it is necessary for DSG to terminate the inbound TLS/SSL communication. This step may be skipped when no inbound SSL is used, otherwise, SSL Server Certificates and Keys are needed for DSG to properly terminate inbound SSL connections.

During the install process of the DSG, a series of self-signed SSL Certificates are generated for your convenience. You may use it in non-production environments. It is recommended however to use your own certificates for production use.

No further action is required if you choose to use the service certificate generated during install time.

Certificates and keys can be uploaded for use with the DSG cluster after the installation. Should you choose to use certificates generated elsewhere, be prepared to upload both the certificate and the associated key in such case. Supported certificate file formats are .crt and .pem.

You may need to generate your own self-signed certificates of specific attributes such as hostname, key strength or expiration date.