Configure Security Compliance Management mTLS certificates
If you want to manually provide your own mTLS certificates, follow this process to generate certificates for Security Compliance Management in Puppet Enterprise (PE). If you are using automatically generated mTLS certificates, you can skip this process.
Certificates are required when setting up Security Compliance Management for the following interactions:
- Interactions between Security Compliance Management and Puppet Enterprise. These interactions require correct configuration of the CA certificate. Any issue with the CA certificate that affects communication between Security Compliance Management and Puppet Enterprise results in an error in the Security Compliance Management UI.
- Agent runs. If you have set up the Security Compliance Management module to download the assessor from the Security Compliance Management server (as opposed to being hosted locally), the assessor is downloaded using Mutual Transport Layer Security (mTLS) with the client certificate from the node. The Security Compliance Management mtls-proxy component requires the configured TLS and CA certificate.
- Scan task runs. Running a scan sends reports back into Security Compliance Management via an HTTP POST. This POST goes through the mtls-proxy and uses mTLS with the client certificate from the node.
Configuring Security Compliance Management TLS certificates involves first generating the certificates in Puppet Enterprise (PE) and then setting up mTLS during installation or by using the configure plan. mTLS enables a secure, authenticated connection between your nodes and Security Compliance Management.
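Before supplying manually generated files, it helps to confirm that the TLS certificate chains to the CA certificate, that the private key belongs to the certificate, and that the certificate is not about to expire. The following script is an added example, not part of the Puppet documentation; it uses the standard `openssl` command line, and the file paths passed to it are assumptions to replace with your own.

```shell
#!/bin/sh
# Pre-flight check for the PEM files an mTLS endpoint needs.
# Usage (paths are hypothetical): sh check_mtls.sh ca.pem tls.pem tls.key

# Succeeds when the certificate chains to the given CA certificate.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when the private key belongs to the certificate (public keys match).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is still valid N days from now (default 30).
not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Runs every check, prints one line per result, returns non-zero on any failure.
check_mtls_files() {
    ca=$1; cert=$2; key=$3; rc=0
    if chains_to_ca "$ca" "$cert"; then echo "OK   certificate chains to CA"
    else echo "FAIL certificate does not chain to CA"; rc=1; fi
    if key_matches_cert "$cert" "$key"; then echo "OK   private key matches certificate"
    else echo "FAIL private key does not match certificate"; rc=1; fi
    if not_expiring "$cert" 30; then echo "OK   certificate valid for 30+ days"
    else echo "FAIL certificate expired or expiring within 30 days"; rc=1; fi
    return "$rc"
}

# Run the checks only when the three file paths are given on the command line.
if [ "$#" -eq 3 ]; then
    check_mtls_files "$@"
fi
```

A non-zero exit status means at least one check failed, so the script can gate an installation or configuration step.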
For information on troubleshooting problems with certificates, see Troubleshooting mTLS issues in Security Compliance Management.