Managing certificates
In
Control Compliance Suite
(CCS), a unique certificate is created for each installable component on each host. Certificates secure the environment by using a unique identifier for communications between Control Compliance Suite core components. If any host or certificate becomes compromised, the compromised single certificate can be revoked using the Certificate Management Console
. When the certificate is revoked, only the compromised component is effected. The certificate of the single component must be regenerated and bound with the Control Compliance Suite
system, and the component is fully functional again. If a host or certificate is compromised no other components are affected. Certificates are kept and maintained in the certificate store.In
Control Compliance Suite
(CCS), a unique certificate is created for each installable component on each host. Certificates secure the environment by using a unique identifier for communications between CCS core components. The Certificate Management Console
manages the certificates. In a distributed system, you create the application server certificate or the Data Processing Service (DPS) certificate manually using the console. The application server certificate is unbound until the component is installed. The DPS certificate is unbound until registered in the System Topology in the CCS console.If any host or certificate becomes compromised, the compromised single certificate can be unbound using the
Certificate Management Console
. When the certificate is unbound, the compromised component can communicate with other CCS components. The Symcert
untrust
command places the certificate in an untrusted store and revokes communications with that certificate. The certificate of the single component must be regenerated and bound with the Control Compliance Suite
system, and the component is fully functional again.You can review the certificates in the following locations:
- Certificatesview in the CCS Console
- Certificate Management Console