Digital Certificates Prerequisites

This section describes the certificate requirements for secure communications between ITM On-Prem (ObserveIT) Agents and ITM On-Prem (ObserveIT) servers.

Certificates must be issued by a trusted Certificate Authority.

TLS Certificates

  • TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits.

  • TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family or higher in the signature algorithm.

  • TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.

  • TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).
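One way to check a server certificate against the four requirements above before installing it, as an added example that is not part of the original documentation or the product's tooling. It assumes OpenSSL 1.1.1 or later and GNU `date`; the function names, file names and CN are hypothetical, and the generated certificate is a constructed self-signed sample, so the trusted-CA requirement and the issuing CA's own key and hash are not covered here.

```sh
# Added example: check one PEM certificate against the TLS requirements listed above.
# Assumes OpenSSL 1.1.1+ and GNU date. Function names are hypothetical.

check_tls_cert() {  # usage: check_tls_cert CERT.pem ; returns 0 only if every check passes
  text=$(openssl x509 -in "$1" -noout -text) || return 2
  fails=0

  # RSA keys must be at least 2048 bits (the size rule applies to RSA keys only).
  if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n1)
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: RSA key is ${bits:-?} bits"; fails=1; }
  fi

  # The signature algorithm must name a SHA-2 (or SHA-3) hash.
  # Names without a visible hash (for example RSA-PSS) are flagged for manual review.
  sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: //p' | head -n1)
  printf '%s\n' "$sig" | grep -Eiq 'sha(224|256|384|512|3)' ||
    { echo "FAIL: signature algorithm $sig needs review"; fails=1; }

  # The EKU must include id-kp-serverAuth, which OpenSSL prints as the string below.
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
    { echo "FAIL: EKU lacks id-kp-serverAuth"; fails=1; }

  # NotAfter minus NotBefore must be 825 days or fewer.
  start=$(date -u -d "$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)" +%s)
  end=$(date -u -d "$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)" +%s)
  [ $((end - start)) -le $((825 * 86400)) ] ||
    { echo "FAIL: validity $(( (end - start) / 86400 )) days"; fails=1; }

  return "$fails"
}

# Constructed sample input: a throwaway self-signed certificate for exercising the checks.
make_sample_cert() {  # usage: make_sample_cert OUT.pem DAYS EKU
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
    -subj "/CN=itm.example.test" -addext "extendedKeyUsage=$3" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}
```

Run `check_tls_cert server.pem` on the certificate intended for the server; each failed requirement is printed and the exit status is non-zero.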

