About Security Certificates

To establish a secure (HTTPS) connection between servers in the Policy Management network, or to establish secure connections with third-party systems, you need to create and exchange Secure Sockets Layer (SSL) security certificates before putting the system into production. These certificates allow for encrypted communication. The platcfg utility supports two types of security certificates: self-signed and third-party.

The following terms relate to the management of certificates:
Certificate
Used by SSL to verify a trusted server; sometimes referred to in platcfg as a Key.
CN (Common Name)
The primary ID inside of a certificate. The Keystore Input Parameters page refers to the CN as First and Last Name.
First and Last Name
The primary ID inside of a certificate, also known as the CN.
Key
Another name sometimes used in platcfg to refer to a Certificate.
Local keystore
A file, protected by password-based encryption, that stores self-signed certificates generated on the local servers of a cluster. All servers in a cluster share the same local keystore.
Certificate keystore
A file, protected by password-based encryption, that stores imported certificates generated on other clusters.
When a secure connection is established between the CMP system and a Policy Management cluster:

Figure 1 shows an example of statistics information displayed on the Reports tab of the Policy Server Administration page over a secure connection for an MPE cluster.

Figure 1. Statistics Displayed Over a Secure Connection