Platform Deployment Guide › Advanced Encryption Mode › Advanced Encryption Certificates › Root and Enterprise Certificates

Root and Enterprise Certificates

CA DataMinder uses certificates with a two-level hierarchy:

• Root certificate: This serves as the trusted root certificate. It is used to sign the Enterprise certificate. The root certificate enables CA DataMinder machines to authenticate each other before transferring sensitive data. You must create a self-signed root certificate on a secure server.
• Enterprise certificate: This certificate is signed by the trusted root certificate. CA DataMinder machines use this certificate to encrypt data transfers between machines.

  When you update the enterprise certificate, its serial number is incremented by 1 and the previous serial number is added to the Revocation List (see below).

The root certificate, plus the enterprise certificate and the private key from its associated key pair, are then added to the Key Store and distributed to all CA DataMinder machines. This enables any machine in the CA DataMinder enterprise to use TLS to communicate with any other CA DataMinder machine.