Appendix: SSL Certificate Requirements

SSL certificate requirements vary between NetBrain servers, depending on the role each server plays in an SSL-encrypted connection: SSL-server or SSL-client.

Certificate Requirements for SSL-Server

The following table lists the requirements of SSL certificates for NetBrain servers that work as SSL-server in encrypted connections.

| NetBrain Server | Required SSL Certificate and Key | Format |
|---|---|---|
| MongoDB Server, Index Server, License Agent Server, Cache Server, Message Server, Front Server Controller | Certificate that contains a public key. For example, cert.pem. CA certificate (only required for Index Server). For example, ca.pem. | Base-64 encoded X.509 PEM |
| (same servers) | Private key. For example, key.pem. Note: Private keys protected by a password are not supported. | PKCS#8 key |

Tip: The certificates in PEM format usually have extensions such as .pem, .crt, .cer, and .key.

Certificate Requirements for SSL-Client

Note: By default, NetBrain servers that work as SSL-client don't require any SSL certificates. If you want the SSL-client to authenticate the Certificate Authority (CA) that issued the SSL-server certificates, SSL certificates are required on the SSL-client.

The following table lists the certificate requirements for SSL-client, including Web Server, Web API Server, Worker Server, Front Server, Front Server Controller, Task Engine, Service Monitor Agent, and Update Server.

| Authentication Method | Requirements | Format |
|---|---|---|
| Use the certificates installed on Windows | All the certificates are valid and installed in the certificate store. The certificate store must be under the Trusted Root Certification Authorities directory instead of the Personal directory. | N/A |
| Upload certificates when installing NetBrain servers | For Front Server and Worker Server: CA certificate containing root CA certificate and class 2 CA certificate is required. For other SSL-client: class 2 or class 3 CA certificate is required. | Base-64 encoded X.509 PEM |
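
The following pre-installation check is an added example, not NetBrain code. It classifies a key file against the "PKCS#8, no password" requirement for SSL-server and counts the certificates in a CA file for the Front Server and Worker Server requirement. It assumes the key is PEM-encoded and that the root and class 2 CA certificates are concatenated in one PEM file; all function names and sample data are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Parse PEM text into (label, encrypted_header, der_bytes) tuples."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Traditional encrypted keys carry headers such as "Proc-Type: 4,ENCRYPTED".
        encrypted = any(":" in ln and "ENCRYPTED" in ln for ln in lines)
        der = base64.b64decode("".join(ln for ln in lines if ":" not in ln), validate=True)
        blocks.append((label, encrypted, der))
    return blocks

def check_key(text):
    """Classify a key file against the 'unencrypted PKCS#8' requirement."""
    blocks = pem_blocks(text)
    if len(blocks) != 1:
        return "rejected: expected exactly one PEM block"
    label, encrypted, der = blocks[0]
    if label == "ENCRYPTED PRIVATE KEY" or encrypted:
        return "rejected: password-protected key"
    if label in ("RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"):
        return "rejected: traditional key format, convert to PKCS#8"
    if label != "PRIVATE KEY" or der[:1] != b"\x30":
        return "rejected: not a PKCS#8 private key"
    return "ok"

def count_certs(text):
    """Count X.509 certificate blocks whose body starts with a DER SEQUENCE tag."""
    return sum(1 for label, _, der in pem_blocks(text)
               if label == "CERTIFICATE" and der[:1] == b"\x30")

def make_pem(label, der, headers=""):
    """Build a constructed PEM block for the demo (stub DER, not a real key)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

STUB = b"\x30\x03\x02\x01\x00"  # constructed sample: SEQUENCE { INTEGER 0 }
LEGACY_ENC = make_pem("RSA PRIVATE KEY", STUB, "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
CA_BUNDLE = make_pem("CERTIFICATE", STUB) * 2  # constructed root + class 2 CA file

if __name__ == "__main__":
    for label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY"):
        print(label, "->", check_key(make_pem(label, STUB)))
    print("legacy encrypted ->", check_key(LEGACY_ENC))
    print("CA bundle certificates:", count_certs(CA_BUNDLE))
```

The check inspects only the PEM labels, headers and outer DER tag, so it catches format mismatches before installation but does not validate the key material or the certificate chain.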