Digital Certificates Prerequisites
This section describes the certificate requirements for secure communications between ObserveIT Agents and ObserveIT servers.
Certificates must be issued by a trusted Certificate Authority.
TLS Certificates
-
TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits.
-
TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family or higher in the signature algorithm.
-
TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
-
TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).
Related Topic: