If you are a PeerGFS administrator, you may need to manage Transport Layer Security (TLS) certificates when configuring secure communications, replacing default or expired certificates, or maintaining trusted connections between system components. PeerGFS uses TLS to secure communication between its components, including the Peer Management Center (PMC), brokers, and Agents.
TLS ensures that:
• Connections are encrypted
• Each component can verify the identity of the other
• Data is protected during transmission
Important: SSL vs TCP Configuration
TLS is used only when a component is configured for SSL.
• SSL enabled - Secure, encrypted communication using certificates
• TCP configured - No encryption, no certificates, no TLS handshake
This topic provides a conceptual overview of how TLS certificates are used in PeerGFS and which certificate management tasks are available from the Peer Management Center (PMC) user interface. Procedures for creating, importing, restoring, and updating certificates are covered in the related task topics.
TLS certificates are used by the following components:
| Component | Purpose |
|---|---|
| PMC | Secures access to the web user interface and API. |
| Agents | Secures communication with the PMC and brokers. |
| Brokers | Secures communication and data transfer between other brokers (when using a network of brokers). |
TLS certificates provide:
• Authentication – Verifies the identity of communicating hosts.
• Encryption – Protects data in transit.
PeerGFS provides default certificates for initial deployment. You can replace these certificates with:
• Self-signed certificates
• Certificates signed by a Certificate Authority (CA)
TLS certificates are managed through the PMC. Certificate management tasks are performed separately for broker certificates and web client certificates. When you initiate a certificate management operation, the PMC distributes the required certificate changes to brokers and Agents and maintains certificate synchronization among the affected components. You do not need to manually update or distribute certificate files on individual hosts.
For broker certificates, you can:
• Generate self-signed broker certificates
• Import broker certificates
• Restore default broker certificates
• View broker certificate details
• Download broker certificates
• Update trusted broker certificates
• Replace broker certificates while brokers are in Maintenance Mode
For web client certificates, you can:
• Generate self-signed web client certificates
• Import web client certificates
• Restore default web client certificates
PeerGFS also provides utility scripts for certificate management. For more information about using the scripts, see the knowledge base article Replace TLS Certificates.