Platform Deployment Guide › Advanced Encryption Mode › Advanced Encryption Certificates › Root and Enterprise Certificates

Root and Enterprise Certificates

CA DLP uses certificates with a two-level hierarchy:

• Root certificate: This serves as the trusted root certificate. It is used to sign the Enterprise certificate. The root certificate enables CA DLP machines to authenticate each other before transferring sensitive data. You must create a self-signed root certificate on a secure server.
• Enterprise certificate: This certificate is signed by the trusted root certificate. CA DLP machines use this certificate to encrypt data transfers between machines.

  When you update the enterprise certificate, its serial number is incremented by 1 and the previous serial number is added to the Revocation List (see below).

The root certificate, plus the enterprise certificate and the private key from its associated key pair, are then added to the Key Store and distributed to all CA DLP machines. This enables any machine in the CA DLP enterprise to use TLS to communicate with any other CA DLP machine.