Key Points
- In Advanced Encryption Mode, CA DataMinder uses TLS with X.509 certificates to make data transfers between machines FIPS 140-2 compliant.
- All CA DataMinder machines share a single enterprise certificate and its private key across the CA DataMinder enterprise.
- Individual machines are not authenticated. Any machine that possesses the enterprise certificate and its private key can communicate with any CA DataMinder machine that uses the same certificate. TLS therefore protects the confidentiality and integrity of data in transit and proves that a peer holds the enterprise key, but it does not prove which machine the peer is; compromise of the key on one machine is equivalent to compromise on every machine.
Certificates and Key Store
- A self-signed root certificate, a single enterprise certificate, and their associated key pairs are generated before CA DataMinder is installed.
- A Key Store containing the root certificate, the enterprise certificate, and the private key of the enterprise certificate key pair is deployed throughout the CA DataMinder enterprise.
- Possession of the Key Store alone is enough to let any machine communicate with other CA DataMinder machines; no further credential is required.
- The critical files (keystore.dat, revocation.properties, and wigan.java.security) are stored in the CA DataMinder \data and \system folders. Because anyone who can read the Key Store can impersonate a CA DataMinder machine, you must restrict access to these file locations (for example, to the service account and administrators) as part of the general machine hardening process after deployment.
Deployment
- Advanced Encryption Mode must be enabled at install time. If it is enabled, it must be enabled on every CA DataMinder machine; there is no backward compatibility with existing CA DataMinder installations that do not use it.
- There is no automatic integration with third-party Public Key Infrastructures (PKIs).
- CA DataMinder has no built-in mechanism to replace the enterprise certificate and its key pair. Instead, you must generate the new material with the OpenSSL.exe utility (provided by CA) and distribute it either manually or with a third-party software distribution mechanism. Because every machine must hold the same certificate, a replacement must reach every machine before the old certificate is retired or expires, or the machines left behind can no longer communicate.
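The pre-install generation of the root and enterprise certificates and the manual replacement procedure both come down to the same OpenSSL operations. The following POSIX shell script is an added example, not CA's tooling or CA's documented procedure; the OpenSSL commands themselves are identical on the OpenSSL.exe that CA provides. It builds a self-signed root and a root-signed enterprise certificate, then runs the checks worth repeating on each machine after a deployment or rotation: the enterprise certificate chains to the root for both TLS roles, the private key matches the certificate, the widely shared enterprise certificate is not itself a CA, and it is not close to expiry. File names, subject names, key sizes and validity periods are assumptions, and nothing here produces keystore.dat, whose format the page does not describe.

```shell
#!/bin/sh
# Added example (not CA DataMinder's own tooling): build the root and
# enterprise certificates with OpenSSL, then validate the material before it
# is packaged into a Key Store. File names, subject names, key sizes and
# validity periods are assumptions; keystore.dat's format is not reproduced.
set -eu

command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 1; }

# Private OpenSSL config so the result does not depend on the system
# openssl.cnf. The root is a CA; the enterprise certificate is an end-entity
# usable as both TLS server and TLS client, since every machine presents the
# same certificate regardless of which side opens the connection.
write_openssl_config() {
    cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_enterprise]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
EOF
}

# Root key + self-signed root certificate, then the single enterprise key
# pair and its certificate signed by the root (2048-bit RSA, SHA-256).
generate_enterprise_pki() {
    dir="$1"
    write_openssl_config "$dir"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/root.key" 2>/dev/null
    openssl req -x509 -new -config "$dir/openssl.cnf" -extensions v3_root \
        -key "$dir/root.key" -sha256 -days 3650 \
        -subj "/CN=Example DataMinder Root" -out "$dir/root.crt" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/enterprise.key" 2>/dev/null
    openssl req -new -config "$dir/openssl.cnf" -key "$dir/enterprise.key" \
        -sha256 -subj "/CN=Example DataMinder Enterprise" \
        -out "$dir/enterprise.csr" 2>/dev/null
    openssl x509 -req -in "$dir/enterprise.csr" -CA "$dir/root.crt" \
        -CAkey "$dir/root.key" -CAcreateserial -sha256 -days 365 \
        -extfile "$dir/openssl.cnf" -extensions v3_enterprise \
        -out "$dir/enterprise.crt" 2>/dev/null
}

# Post-deployment / post-rotation checks on the material a machine holds.
# Returns 0 only if every check passes.
check_keystore_material() {
    dir="$1"
    # 1. Chains to the root for both TLS roles the shared certificate plays.
    openssl verify -CAfile "$dir/root.crt" -purpose sslserver \
        "$dir/enterprise.crt" >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$dir/root.crt" -purpose sslclient \
        "$dir/enterprise.crt" >/dev/null 2>&1 || return 1
    # 2. The private key belongs to the certificate (catches a rotation that
    #    shipped a new certificate with an old key, or vice versa).
    cert_pub=$(openssl x509 -in "$dir/enterprise.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/enterprise.key" -pubout)
    [ "$cert_pub" = "$key_pub" ] || return 1
    # 3. A key present on every machine must not be able to issue certificates.
    openssl x509 -in "$dir/enterprise.crt" -noout -text | grep -q 'CA:FALSE' \
        || return 1
    # 4. Not expired and not expiring within 30 days (2592000 s), so rotation
    #    can be completed on every machine before communication breaks.
    openssl x509 -in "$dir/enterprise.crt" -noout -checkend 2592000 \
        >/dev/null || return 1
    return 0
}

# SHA-256 fingerprint of the enterprise certificate; compare across machines
# to find any that still hold pre-rotation material.
enterprise_fingerprint() {
    openssl x509 -in "$1/enterprise.crt" -noout -fingerprint -sha256 | cut -d= -f2
}

demo_dir=$(mktemp -d)
generate_enterprise_pki "$demo_dir"
if check_keystore_material "$demo_dir"; then
    echo "enterprise certificate material OK in $demo_dir"
else
    echo "enterprise certificate material FAILED checks in $demo_dir" >&2
fi
echo "enterprise certificate SHA-256 fingerprint: $(enterprise_fingerprint "$demo_dir")"
```

Of the files produced, root.crt, enterprise.crt and enterprise.key are the items the page says go into the Key Store; root.key is needed only to sign a replacement enterprise certificate and should stay offline rather than being distributed with it. After a rotation, running enterprise_fingerprint on each machine and comparing the values is the quickest way to find a machine that the new Key Store did not reach.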
Copyright © 2014 CA.
All rights reserved.