View and manage trusted certificates

You can view and manage the following types of trusted certificates in DPA:

• Certificates in the DPA trust store

  DPA can use certificates in the DPA trust store to connect to any database instance or LDAP server. These certificates are used only by DPA.

  You can view, import, and delete certificates in the DPA trust store.

• Certificates in the Java trust store

  DPA can use certificates in the Java trust store to connect to any database instance or LDAP server. These certificates are not managed through DPA. You can use DPA to view the alias and expiration date of these certificates.

  The cacerts file that contains these certificates is included in the JDK installed with DPA. The cacerts file is replaced each time DPA is upgraded, and any changes to this file are overwritten.

• DB certificates

  A DB certificate is associated with a specific PostgreSQL or EDB Postgres database instance, and DPA uses it to connect to that instance. They are not shared with database instances that they haven't been assigned to, and they are not used by other services such as LDAP. DB certificates are used only by DPA.

  You can use DPA to view, import, and remove DB certificates.

• Add a SAN to a MySQL server

  If a MySQL server uses SSL and the trustServerCertificate property is set to false, attempts to connect to the server can result in an error if the certificate uses only the common name (CN) field. To enable the connection, you can add a subject alternative name (SAN) to a MySQL server SSL certificate.