Securing Communication Between the CRR and the CAST
The communication between the CRR and the CAST components takes place using the 2-way SSL authentication. For this full client/server SSL communication, the client and server must accept each other's certificates. This means that the CAST and CRR stores need to have matching certificates for the communication to work.
The CAST components have access to an SSL context to establish an SSL (HTTPS) connection to the CRR. The SSL authentication establishes a trusted relationship between the CentraSite Server on the CAST and the CRR. Therefore no user re-authentication needs to be performed by the CRR.
The CentraSite installation comes with self-signed certificates from Software AG.
You can configure a secure communication between the CRR and CAST. CentraSite provides a set of command line tools for this purpose.
Note:
Keep in mind that you must run the command tool on the machine hosting an CAST or CRR environment.
You can disable the SSL communication between the CRR and the CAST components. However, Software AG strongly recommends you not to do this, because it opens a potential security risk.