
Enforce to Detection server custom communication certificate supportability


Article ID: 239230




Data Loss Prevention Enterprise Suite


Utilizing a custom certificate for Enforce to Detection server communication. 

Some customers would like to implement a custom CA certificate for Enforce server to Detection server communication.


DLP all versions 


The product does not support Enforce to Detection server communication using custom CA certificates.

Added customer to enhancement request and provided details on how the certs are utilized and the limitations.

DLP uses private CA certificates built into the product. A unique pair of public and private keys is generated, one for Enforce and one for the Detection server. There is no need for OCSP or CRL, since to revoke the certificate you delete the Detection server.

We do support using the built-in sslkeytool to create a new certificate that can be added to all the servers in that environment. This prevents a possible issue where a rogue Enforce attempts to communicate with a Detection server in production.