Control‑M works with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, ensuring secure communication between the various Control-M components.
SSL for Control-M authenticates and secures communications between one ore more of the following:
Depending on your setup, you can enable security for the following components:
To configure SSL in your environment, you must do the following:
NOTE: BMC recommends that you replace the existing certificates by bringing your own certificate (signed by an external recognized CA).
For demo or POC purposes, you can generate new certificates from the CCM. Use this method when you are using the site CA provided by BMC (different per user). The site CA is stored in the Control-M/EM Server machine, and is used to sign the certificates for Control-M/EM, Control-M/Server, and Control-M/Agent. For more information, see Generating self signed certificates.
These methods enable you to configure SSL for each of the zones.
The following diagram shows the multiple ways you can configure SSL in environment based on zones: