Planning for a secure communication between the API and several Collector Server instances

Edit online

The API can communicate with several instances of Collector Server. The Collector Server instances can be on the same system or on different systems. Ensure, however, that the keystores contain all necessary certificates.

When the client keystores are created, they contain one server certificate only, namely the server certificate of the Collector Server instance where the keystores were created. With the script file register_server.bat, which is installed with the add-ons package, you can register the certificates of other Collector Server instances. With the script file client_key_gen, which is installed with the base package, you can add client certificates that were created on other Collector Server instances, to a server keystore. A certificate must have a unique label within a keystore. With both script files, you can view the labels that are already assigned and you can assign new labels.

The API might be installed on a system with several users. In this case, ensure that each authorized user has access to the client keystore that contains the certificates of all trusted Collector Server instances that are involved.

Keep a record of all names and labels that you assign, the location of the keystores, and the number of the client keystores that you already created on each Collector Server instance. Also, document which certificate belongs to which user and which certificates are shared by which users.

For information about how to set up secure connections between the API and several Collector Server instances, see Setting up a secure communication between the API and several Collector Server instances.