Skip to content

TLS Certificates

This page documents the TLS certificates that are required in order to start and use various Streaming Integration Platform components on Windows or Linux host systems.

Configuration Server

TLS certificates for Configuration Server are in the following locations:

Windows
%ProgramData%\Synergex\SIP\config-server

Linux
/etc/synergex/sip/isam-agent

The certificate files are as follows:

Certification Authority (CA) TLS certificate

config-server-ca-hostname.crt

CA certificate password file

config-server-ca-hostname.key

Server TLS certificate

config-server-hostname.pfx

Server certificate password file

config-server-hostname.pass

When Configuration Server starts, it will check whether the TLS certificate and password files for a local Certification Authority (config-server-ca-hostname.crt and config-server-ca-hostname.key) are present. If they're not present, they will be created, but they may or may not subsequently be used.

Having checked that CA files are present, Configuration Server next checks whether its local server TLS certificate files (config-server-hostname.pfx and config-server-hostname.pass) exist. If they do exist, they'll be loaded and used. If they don't exist, the local Certification Authority will be used to produce a new self-signed certificate and password file, and those files will be loaded and used.

If you want to provide your own TLS certificate for Configuration Server to use, simply provide the server certificate and associated password file with the expected names and place them in the appropriate directory prior to starting Configuration Server.

ISAM Agent

TLS certificates for ISAM Agent are in the following locations:

Windows

%ProgramData%\Synergex\SIP\isam-agent

Linux

/etc/synergex/sip/isam-agent

The certificate files are as follows:

Server TLS certificate file

isam-agent-hostname.pfx

Server TLS certificate password file

isam-agent-hostname.pass

JSON Agent

TLS certificates for JSON Agent are in the following locations:

Windows

%ProgramData%\Synergex\SIP\json-agent

Linux

/etc/synergex/sip/json-agent

The certificate files are as follows:

Server TLS certificate file

json-agent-hostname.pfx

Server TLS certificate password file

json-agent-hostname.pass

SQL Agent

TLS certificates for SQL Agent are in the following locations:

Windows

%ProgramData%\Synergex\SIP\sql-agent

Linux

/etc/synergex/sip/sql-agent

The certificate files are as follows:

Server TLS certificate file

sql-agent-hostname.pfx

Server TLS certificate password file

sql-agent-hostname.pass

Message Broker and Snapshot Agent (Windows and Linux)

If Configuration Server is in use, then trust of the certificates in use, or ideally the issuing Certification Authority, must be established.

If either the Kafka server(s) or S3 storage server are using TLS, then trust of the certificates in use, or ideally the issuing Certification Authority, must be established.

Message Broker and Snapshot Agent (OpenVMS)

If either the Kafka server(s) or S3 storage server are using TLS, then trust of the certificates in use, or ideally the issuing Certification Authority, must be established.