Enhance security with a signed SSL certificate

To enhance security, you can now use your own signed SSL certificates, which are verified over a TLS connection. This secures communication between Enterprise Workloads agents on multiple nodes and between components on the same server.

Prerequisites

You must have the SSL certificate and the key file for your domain name.

The SSL certificate file typically has a file extension of .crt, and the key file typically has a file extension of .key. Contact your network administrator for these files.

Additionally, you must add the root-CA certificate of the certificate authority (CA) to the trust pool of the Oracle server.

Before continuing, note the path where you saved the certificate, the key file, and the rootCA file.


Important: When you use custom certificates, Druva enables secure TLS communication with hostname verification by default. For this to work, when generating the certificate you must include all hostnames or domain names that need to connect to the server that will be participating in the backup. If a new host is added to the cluster, make sure you update its information in the certificate.


Procedure

Log in to your Oracle server, open a terminal, and perform the following steps:

1. Open the following file in any editor:
/etc/Druva/EnterpriseWorkloads/Oracle/OraclePlugin.yml

2. To enable custom certificates instead of the default self-signed certificate, set the value of the use_custom_certs parameter to true. The default value of this parameter is false.

3. Provide the complete path where you saved the certificate, server key, and public key file as shown below:
custom_server_cert: </absolute_path>/certificate.crt
custom_server_key: </absolute_path>/private.key
custom_ca_pem_file: </absolute_path>/public.key

4. Save the configuration file and restart the Enterprise Workloads agent service using the following command:

systemctl restart Druva-EnterpriseWorkloads.service
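
Before setting use_custom_certs to true and restarting the service, the files can be checked against the requirements above: the key belongs to the certificate, the certificate chains to the root CA, and every participating hostname is covered. The script below is an added example, not Druva tooling; the function names, the demo file names and the example.test hostnames are assumptions, and it relies on the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not Druva tooling): pre-flight checks for the custom
# certificate files referenced in OraclePlugin.yml. Requires the openssl CLI.

# True when the certificate's public key is the one derived from the key file.
cert_matches_key() {  # args: cert key
  a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# True when the certificate verifies against the given root CA file only.
cert_chains_to_ca() {  # args: cert ca
  openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# True when hostname verification would accept this certificate for the host.
cert_covers_host() {  # args: cert host
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# Runs every check, prints one line per failure, returns non-zero on any.
check_custom_certs() {  # args: cert key ca host...
  cert=$1 key=$2 ca=$3; shift 3; rc=0
  cert_matches_key "$cert" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
  cert_chains_to_ca "$cert" "$ca" || { echo "FAIL: certificate does not chain to the CA file"; rc=1; }
  for h in "$@"; do
    cert_covers_host "$cert" "$h" || { echo "FAIL: certificate does not cover $h"; rc=1; }
  done
  return "$rc"
}

# Constructed sample input: throwaway CA plus a server certificate whose SAN
# lists two example hosts, written to directory $1. File names are assumptions.
make_demo_pki() {  # args: dir
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Demo CA" \
    -keyout "$d/ca.key" -out "$d/rootCA.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ora1.example.test" \
    -keyout "$d/private.key" -out "$d/server.csr" 2>/dev/null &&
  printf 'subjectAltName=DNS:ora1.example.test,DNS:ora2.example.test\n' >"$d/san.ext" &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/rootCA.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -extfile "$d/san.ext" -out "$d/certificate.crt" 2>/dev/null
}

# Usage: sh check_certs.sh <cert> <key> <ca> <host> [<host> ...]
if [ "$#" -ge 4 ]; then check_custom_certs "$@"; fi
```

A host that is missing from the certificate, such as a node added to the cluster after the certificate was issued, is reported as a "FAIL: certificate does not cover" line.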
