
How many CA certificates are required to set up SSL with ALM and Performance Center?

We have:

Four ALM servers behind a VIP

Two Performance Center servers

Nine Controller servers

87 Load Generator servers

My company’s Certificate Authority Group said we need to create one certificate per server. Previous tickets/discussions with MF/HP have produced different answers:

  1. one certificate for all servers
  2. one for the ALM servers & one for Performance Center servers (not hosts)
  3. one for ALM, one for the PC servers and another for the Hosts.

Any assistance would be appreciated.


Hi wjm8914,

In the answer below I assume you were referring to server/client certificates, as the CA certificate will probably be one.

In general, PC does support configuring SSL using a minimal number of certificates, as was suggested to you previously; however, having a dedicated server/client certificate per server, as required by your company, is a much more secure SSL setup and is supported by the product as well.

Regards,
Eyal 


Eyal, thank you for the answer. Just to clarify, one CA certificate for each server, including the Load Generators?

I've received multiple answers about certificates on the LGs.

 


Hi @wjm8914,

In order to avoid confusion, I will write my reply in bullets this time:

  • A CA is a certificate authority which signs a certificate. Let’s distinguish between the two.
  • I do not think the CA should be unique or dedicated for each certificate. You should probably rely on a trusted CA and sign all certificates with it. You can, however, use different certificates for different PC machines.
  • Performance Center has multiple components/machines. Each can be configured with a dedicated certificate. For the Load Generators specifically, there are nuances in case the Load Generator is configured behind a firewall. I will ignore LG over FW in my reply.
  • The ALM server and PC server are user-facing applications, hence each should have a dedicated certificate with a known CA in order to avoid browser trust-related errors.
  • Load Generators and Controllers can be configured to communicate using SSL with a certificate. For the most secure configuration you should use a unique certificate for each Load Generator, but all the certificates must be signed using the same CA. You can read all information in this help page.

 

Should you require further help please open a support ticket and refer to this post.

Regards,
Eyal
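
The layout described in the reply above (a unique certificate per machine, all signed by the same CA) can be issued and then audited with plain OpenSSL. This is an added example, not part of the thread and not Performance Center's own certificate procedure; the CA name, host names and file layout are constructed placeholders.

```shell
#!/bin/sh
# Added example. CA name, host names and file layout are constructed placeholders.

# issue_fleet DIR HOST...: create one CA in DIR, then a unique key and cert per host.
issue_fleet() {
    dir=$1; shift
    mkdir -p "$dir" || return 1
    # The single CA that signs every component certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Internal CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    for host in "$@"; do
        # A separate private key per host: a compromised machine exposes only its own key.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
        printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/$host.ext"
        openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.pem" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
            -extfile "$dir/$host.ext" -out "$dir/$host.pem" 2>/dev/null || return 1
    done
}

# audit_fleet CA_PEM CERT...: succeed only if every certificate chains to CA_PEM
# and no two certificates carry the same public key.
audit_fleet() {
    ca=$1; shift
    seen=""
    for cert in "$@"; do
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
            echo "FAIL not signed by the fleet CA: $cert"; return 1; }
        fp=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256 | awk '{print $NF}')
        case " $seen " in
            *" $fp "*) echo "FAIL public key reused: $cert"; return 1 ;;
        esac
        seen="$seen $fp"
    done
    echo "OK: $# certificates, one CA, no shared keys"
}
```

Running `audit_fleet` over the certificates collected from all machines flags any host whose certificate was issued by a different CA or copied from another host.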

 
