Certificate Infrastructure


dbWatch Control Center uses an internal public key infrastructure (PKI) to ensure secure communication, identity management, configuration integrity, and access control across all nodes and users in the domain.

Each Control Center domain operates its own certificate authority (CA) that issues and manages certificates for server nodes, clients, users, and configuration files.



Domain Root Certificate

The Domain Root Certificate is the trust anchor for the entire dbWatch Control Center domain. It:

> If a domain’s root certificate is compromised, all trust relationships must be revoked and re-established.


User Identity Certificate

This certificate is used by the domain CA to sign user certificate requests. It ensures:


Granting Certificate

The Granting Certificate is used by the domain to:

This enables strong role-based access control (RBAC) backed by cryptographic assurance.


Configuration Certificate

The Configuration Certificate is used to sign system-wide settings, such as:

This ensures configuration integrity during replication or rollout to other nodes. Tampering with a signed configuration will result in a validation failure.


Publication Certificate

The Publication Certificate is used to:


Security and Trust Model

All certificates are managed within the dbWatch Control Center domain and:

No external certificate authority is required unless cross-domain trust or third-party integration demands it.


Recommendations


Related Topics


For advanced certificate management or trust configuration in segmented environments, contact:
support@dbwatch.com