Crypto Catalog


This page documents the cryptographic file layout used internally by dbWatch Control Center to manage identity, encryption, and trust within the Control Center domain. These files support secure communication, certificate-based authentication, and system integrity.


Default Locations

All file paths are relative to the base installation directory.

> Both platforms use the same folder and file structure. The contents below apply to either path.


Domain Controller – Certificate Authority Files

On the Domain Controller, which acts as the internal CA, the following files are used to manage trust across the domain:

| File Path | Description |
| --- | --- |
| `/crypto/ca/dbw_dc_cert.pem` | Domain Controller’s signed certificate |
| `/crypto/ca/dbw_dc_pub.pem` | Public key of the Domain Controller |
| `/crypto/ca/dbw_dc_priv.pem` | Private key of the Domain Controller |
| `/crypto/keys/root/root_cert.pem` | Self-signed root certificate of the domain |
| `/crypto/keys/root/root_pub.pem` | Root certificate’s public key |
| `/crypto/keys/root/root_priv.pem` | Root certificate’s private key |

These files are foundational for all domain-issued certificates, including users, nodes, and configuration signatures.


Node Identity and Key Files

Each Monitor or local node stores its unique keypair and certificate under its domain-specific context:

| File Path | Description |
| --- | --- |
| `/crypto/keys/[domain_name]/dbw_cert.pem` | Node certificate issued by Domain CA |
| `/crypto/contexts/node/dbw_pub.pem` | Node’s public key |
| `/crypto/contexts/node/dbw_priv.pem` | Node’s private key |
| `/crypto/contexts/node/keyContext.json` | Metadata for key usage and identity context |

> `[domain_name]` corresponds to the active Control Center domain (e.g., `exampledomain.local`).


TLS Communication Context

For secure transport-layer encryption, TLS-specific keys and certificates are maintained separately:

| File Path | Description |
| --- | --- |
| `/crypto/contexts/tls/dbw_pub.pem` | TLS public key |
| `/crypto/contexts/tls/dbw_priv.pem` | TLS private key |
| `/crypto/contexts/tls/keyContext.json` | Key metadata for TLS operations |
| `/crypto/contexts/tls/certificates/CN=dbw-tls-self.pem` | Self-signed TLS cert for internal use |
| `/crypto/contexts/tls/certificates/CN=tls-[domain].pem` | Domain-specific TLS cert (used if externally signed) |

These files are used for securing connections over port 7100 between all Control Center components.
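The following audit of the private-key files listed in the three tables above is an added example, not dbWatch code or vendor guidance. It assumes POSIX mode bits and an owner-only access policy, neither of which this page states; `audit_private_keys` and `build_sample_install` are hypothetical names, and the sample tree is constructed from placeholder files.

```python
import stat
import tempfile
from pathlib import Path

# Private-key paths from the tables on this page, relative to the install directory.
CATALOG_PRIVATE_KEYS = {
    "crypto/ca/dbw_dc_priv.pem",
    "crypto/keys/root/root_priv.pem",
    "crypto/contexts/node/dbw_priv.pem",
    "crypto/contexts/tls/dbw_priv.pem",
}

def audit_private_keys(base_dir):
    """Return {relative_path: [findings]} for each *priv.pem under base_dir/crypto."""
    base, findings = Path(base_dir), {}
    for path in sorted((base / "crypto").rglob("*priv.pem")):
        rel = path.relative_to(base).as_posix()
        mode = path.lstat().st_mode
        issues = []
        if stat.S_ISLNK(mode):
            issues.append("symlink: key material lives outside the catalog")
        elif mode & (stat.S_IRWXG | stat.S_IRWXO):
            # Assumed policy: owner-only access (POSIX mode bits, not Windows ACLs).
            issues.append("mode %o grants group/other access" % stat.S_IMODE(mode))
        if rel not in CATALOG_PRIVATE_KEYS:
            issues.append("not a catalog location: possible stray copy or backup")
        if issues:
            findings[rel] = issues
    return findings

def build_sample_install(base_dir):
    """Constructed sample tree with placeholder files, not real keys."""
    layout = {
        "crypto/keys/root/root_priv.pem": 0o600,      # catalog path, owner-only
        "crypto/contexts/tls/dbw_priv.pem": 0o644,    # catalog path, world-readable
        "crypto/keys/root/old/root_priv.pem": 0o600,  # stray copy
    }
    for rel, mode in layout.items():
        path = Path(base_dir) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("placeholder\n")
        path.chmod(mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_install(tmp)
        for rel, issues in audit_private_keys(tmp).items():
            print(rel, "->", "; ".join(issues))
```

Point `audit_private_keys` at the base installation directory; catalog files that are absent on a given host are simply not reported.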


Trust Store (Optional – Cross-Domain)

If dbWatch nodes are expected to trust external certificates (e.g., signed root authorities), trust stores may be populated under:

| File Path | Description |
| --- | --- |
| `/config/node/trustStore/CN=dbw-root-cert-[domain].pem` | Trusted external root certificate |

Security Recommendations


Related Topics


For assistance managing keys, restoring trust chains, or securing Control Center deployment, contact:
support@dbwatch.com