SSL certificates for External S-TAP
To help protect SSL-enabled systems, the Guardium® External S-TAP requires that you acquire a Secure Socket Layer (SSL) digital certificate for a TLS-encrypted database. If your database environment is not SSL-enabled, you can skip this step.
With External S-TAP there are two ways in which you can configure SSL certificates for your Guardium system:
- Recommended: Configure on-demand certificate generation by storing an intermediate certificate on the Guardium central manager or collector. Guardium can use that certificate to automatically generate certificates for every External S-TAP container.
- Manually create a certificate signing request and then store the certificates on any Guardium collectors that use External S-TAP.
Note: Guardium does not provide CA services.
After you configure the certificates for the central manager, you can use the pull_external_stap_keystore GuardAPI to copy the keystore from the central manager to one or more managed units.