Assume that communications between the Core and Satellite servers do not need to be secured, so an SSL connection between them is not necessary. However, secure communications (LDAPS) are still required for the Core or Satellite server’s communications with external servers (such as those hosting vendors’ web sites), other HPCA servers, and Active Directory.
In order to trust that these other servers are “who” they claim to be, the Core or Satellite must obtain each server’s public certificate, or the signature of the issuing Certificate Authority (CA). The Core or Satellite must also have a CA Certificates file, which it has obtained from a Certificate Authority, and which must be available to other servers so that they can decrypt messages from the Core or Satellite. (The Core and Satellite installations include a set of default trusted authorities, ca-bundle.crt, which is suitable for most environments.)
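
The trust decision described above, shown as an added example that is not part of the HPCA documentation or product: a server certificate is accepted only when its issuing CA is listed in the CA bundle. The CA names, host names and helper functions are assumptions made up for the demo, and all keys and certificates are generated locally in a temporary directory.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and host name here is generated
# locally for illustration; none comes from an HPCA installation.

# Create a throwaway self-signed CA named $2 in directory $1.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Issue a server certificate for host $3, signed by CA $2, in directory $1.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# Trust decision: succeeds only if certificate $2 chains to a CA in bundle $1.
chains_to_bundle() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  DEMO_DIR=$(mktemp -d) || return 1
  make_ca "$DEMO_DIR" trusted-ca && make_ca "$DEMO_DIR" unknown-ca || return 1
  issue_cert "$DEMO_DIR" trusted-ca ldaps.example.test || return 1
  issue_cert "$DEMO_DIR" unknown-ca other.example.test || return 1
  # The bundle lists trusted-ca only, so unknown-ca is not a trusted issuer.
  cp "$DEMO_DIR/trusted-ca.crt" "$DEMO_DIR/ca-bundle.crt"
  for host in ldaps.example.test other.example.test; do
    if chains_to_bundle "$DEMO_DIR/ca-bundle.crt" "$DEMO_DIR/$host.crt"; then
      echo "$host: accepted, issuer is in ca-bundle.crt"
    else
      echo "$host: rejected, issuer is not in ca-bundle.crt"
    fi
  done
}

demo
```

Against a live directory server, the same decision can be checked with `openssl s_client -connect <host>:636 -CAfile ca-bundle.crt`, which reports the verification result for the chain the server presents.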