Proofpoint | ObserveIT On-Premises Insider Threat Management

Digital Certificates Prerequisites

This section describes the certificate requirements for secure communications between ObserveIT Agents and ObserveIT servers.

Certificates must be issued by a trusted Certificate Authority.

TLS Certificates

  • TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits.

  • TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family or higher in the signature algorithm.

  • TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.

  • TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).

Related Topic:

System Installation Prerequisites

version 7.12.4

Copyright © 2022 ObserveIT a division of Proofpoint