Page created: 24 Jul 2019
|
Page updated: 13 Nov 2019
Generated during installation, the inter-server certificate is stored under the alias
ads-certificate in a file named ads-truststore, which
resides in the server’s /config
directory. This certificate contains the
key pair for the local server as well as for the certificates of all trusted servers, and has a
lifetime of 20 years before expiring.
The local server's public key is signed by its own private key, making it a self-signed certificate. The alias is hard-coded to ads-certificate, and the keystore file is hard-coded to ads-truststore. This behavior cannot be modified during setup.
Warning:
- Although some customers feel uncomfortable with the self-signed nature of the inter-server
certificate, we recommend that you do not replace it with a CA-signed certificate for the
following reasons:
- If the inter-server certificate is replaced incorrectly, serious problems can occur during topology authentication.
- The inter-server certificate is used for internal purposes only.
- If the server's access logs contain authentication (bind) errors, the inter-server certificate is most likely configured inappropriately. In the topology registry, this certificate is persisted in the inter-server-certificate property of a server instance.