About Generating a Unique, Self-signed SSL Certificate for Data Loss Prevention Servers
The default Enforce Server certificate that is generated when you install a detection server is not secure for cloud deployments.
You need to generate a custom server certificate using the SSL certificate generation tool that is provided with the Data Loss Prevention installation. Then, you deploy this custom certificate to both the on-premises Enforce Server and each detection server in the AWS cloud.
A custom SSL certificate secures communication between your Data Loss Prevention servers. To generate a custom SSL certificate, see "Configuring certificates for secure server communications."