Note

  • For valid self-signed certificates, Grid Manager does not display any additional information. However, for expired and invalid certificates Grid Manager displays the issuer/subject information in the Certification Validation Results screen.

  • Warning messages are displayed for expired certificates and for certificates with no SKI (Subject Key Identifier) in the concatenated certificate file.

About API Certificates

If a member is added to a subscriber site of type API, API certificates are necessary to activate the subscriber service on that Grid member.

To upload an API certificate:

  1. From the Grid tab, select the Grid Manager tab.
    From the Grid tab, select the Grid Manager tab -> Members tab -> member checkbox.

  2. Select Certificates -> Manage API Certificates from the Toolbar.

  3. The API Certificates editor lists the files used for mutual TLS communication between the gRPC server and external gRPC clients. Make sure that you upload all three required files so that the TLS handshake can complete:

    • Server Certificate File. The server certificate file is a digital certificate used by the API server to authenticate the API client during the SSL/TLS handshake.

    • Server Key File. The server key file is an RSA key file of size 4096.

    • CA Certificate File. This file is used for mutual TLS communication between the API server and the API client.

  4. In the Upload dialog box, click Select and navigate to the certificate you want to upload.

  5. Click Close to exit the API Certificates dialog.

About DNSTAP Certificates

DNSTAP certificates are necessary for sending TLS violations using DNSTAP. To enable Violations over TLS in the Grid DNS Properties or Member DNS Properties editor, DNSTAP certificates are mandatory. For information about configuring dnstap, including dnstap for violations over TLS, see Configuring dnstap.

To upload a DNSTAP certificate:

  1. From the Grid tab, select the Grid Manager tab.

  2. Select Certificates -> Manage DNSTAP Certificates from the Toolbar.

  3. The DNSTAP Certificates editor lists the files used for mutual TLS communication between the DNSTAP receiver and external DNSTAP clients. Make sure that you upload all three required files so that the TLS handshake can complete:

    • Client Certificate File. The client certificate file is a digital certificate used to authenticate the DNSTAP client to a receiver during an SSL/TLS handshake.

    • Client Key File. The DNSTAP client key file is a private key file used in SSL/TLS encryption for TLS data.

    • CA Certificate File. This file is used for mutual TLS communication between the receiver and the client.

  4. In the Upload dialog box, click Select and navigate to the certificate you want to upload.

  5. Click Close to exit the DNSTAP Certificates dialog.
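
A pre-upload check for the three-file sets described in the API and DNSTAP sections above, as an added example that is not part of the product documentation: it confirms that the certificate and key belong together and that the certificate verifies against the CA file, and it reports expired files or a missing SKI. It assumes PEM-encoded files and the `openssl` command line on the administrator's workstation; the function name `check_cert_bundle` is hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): check a certificate, key and CA file
# before upload. All three files are assumed to be PEM-encoded.
# Usage: check_cert_bundle CERT KEY CA [RSA_BITS]; returns 0 if all pass.
check_cert_bundle() {
    cert=$1; key=$2; ca=$3; want_bits=${4:-}; rc=0

    # 1. Optional key size check, e.g. 4096 for the API server key.
    if [ -n "$want_bits" ]; then
        bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
               sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')
        if [ "$bits" = "$want_bits" ]; then echo "OK   key is RSA $bits"
        else echo "FAIL key is not RSA $want_bits (got: ${bits:-unreadable})"; rc=1
        fi
    fi

    # 2. The certificate must contain the public half of the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null || :)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null || :)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "OK   certificate matches key"
    else echo "FAIL certificate and key do not match"; rc=1
    fi

    # 3. The certificate must chain to the CA file uploaded alongside it.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "OK   certificate verifies against CA file"
    else echo "FAIL certificate does not verify against CA file"; rc=1
    fi

    # 4. Expired files fail; a missing SKI is reported as a warning only.
    for f in "$cert" "$ca"; do
        if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
            echo "FAIL $f is expired or unreadable"; rc=1
        fi
        if ! openssl x509 -in "$f" -noout -text 2>/dev/null |
             grep -q 'Subject Key Identifier'; then
            echo "WARN $f has no Subject Key Identifier"
        fi
    done
    return $rc
}
```

For the API files, pass `4096` as the fourth argument so the key size stated above is enforced; for the DNSTAP files, omit it.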