Managing TLS Certificates

Overview

If you are a PeerGFS administrator, you may need to manage Transport Layer Security (TLS) certificates when configuring secure communications, replacing default or expired certificates, or maintaining trusted connections between system components.  PeerGFS uses TLS to secure communication between its components, including the Peer Management Center (PMC), brokers, and Agents.

TLS ensures that:

Connections are encrypted

Each component can verify the identity of the other

Data is protected during transmission

Important:  SSL vs TCP Configuration

TLS is used only when a component is configured for SSL.

SSL enabled - Secure, encrypted communication using certificates

TCP configured - No encryption, no certificates, no TLS handshake
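To confirm from the network side which of the two modes above a listener is actually using, this added example (not PeerGFS code or a Peer Software tool) attempts a TLS handshake and returns the negotiated protocol and the SHA-256 fingerprint of the served certificate, or reports that no TLS was negotiated. The names `probe_listener` and `start_plaintext_listener` and the loopback listener are constructed for illustration; substitute the host and port of your own component.

```python
import hashlib
import socket
import ssl
import threading


def probe_listener(host, port, timeout=3.0):
    """Return a dict whose 'state' is 'tls', 'no-tls' or 'unreachable'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"state": "unreachable", "detail": type(exc).__name__}
    # Verification is off on purpose: inspect the served certificate, do not trust it.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return {"state": "tls", "version": tls.version(), "cipher": tls.cipher()[0],
                    "cert_sha256": hashlib.sha256(der).hexdigest()}
    except OSError as exc:  # ssl.SSLError and socket timeouts are OSError subclasses
        return {"state": "no-tls", "detail": type(exc).__name__}
    finally:
        raw.close()


def start_plaintext_listener():
    """Constructed sample: a loopback TCP service that does not speak TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"PLAINTEXT BANNER\r\n")
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_plaintext_listener()
    print(probe_listener("127.0.0.1", srv.getsockname()[1]))
    srv.close()
```

After replacing a certificate, a changed `cert_sha256` on the same listener confirms that the new certificate is the one being served.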

This topic provides a conceptual overview of how TLS certificates are used in PeerGFS and which certificate management tasks are available from the Peer Management Center (PMC) user interface.  Procedures for creating, importing, restoring, and updating certificates are covered in the related task topics.

How TLS Certificates Are Used in PeerGFS

TLS certificates are used by the following components:

Component    Purpose
PMC          Secures access to the web user interface and API.
Agents       Secures communication with the PMC and brokers.
Brokers      Secures communication and data transfer between other brokers (when using a network of brokers).

TLS certificates provide:

Authentication – Verifies the identity of communicating hosts.

Encryption – Protects data in transit.

PeerGFS provides default certificates for initial deployment.  You can replace these certificates with:

Self-signed certificates

Certificates signed by a Certificate Authority (CA)

Certificate Management in the PMC

TLS certificates are managed through the PMC.  Certificate management tasks are performed separately for broker certificates and web client certificates.  When you initiate a certificate management operation, the PMC distributes the required certificate changes to brokers and Agents and maintains certificate synchronization among the affected components.  You do not need to manually update or distribute certificate files on individual hosts.

Broker Certificate Tasks

You can:

Generate self-signed broker certificates

Import broker certificates

Restore default broker certificates

View broker certificate details

Download broker certificates

Update trusted broker certificates

Replace broker certificates while brokers are in Maintenance Mode 

Web Client Certificate Tasks

You can:

Generate self-signed web client certificates

Import web client certificates

Restore default web client certificates

Script-Based Certificate Management

PeerGFS also provides utility scripts for certificate management.  For more information about using the scripts, see the knowledge base article Replace TLS Certificates.