
Supportability of custom certificates for Enforce to Detection server communication


Article ID: 239230


Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

Using a custom certificate for Enforce to Detection server communication.

Some customers would like to use a certificate issued by their own CA for Enforce to Detection server communication.

Environment

DLP all versions

Resolution

The product does not support Enforce to Detection server communication using custom CA certificates.

The customer was added to an enhancement request and given details on how the certificates are used and what the limitations are.

DLP uses private CA certificates built into the product: a unique public/private key pair is generated for Enforce and another for the Detection server. OCSP and CRL checks are not needed, because a certificate is revoked by deleting the Detection server.

The built-in sslkeytool is supported for generating a new certificate that is then installed on all servers in the environment. This prevents a rogue Enforce server from communicating with a production Detection server.