TLS for Protected Databases

Transport Layer Security (TLS) between a Recovery Appliance and client databases involves the use of certificates that authenticate and encrypt communication.

  • Trusted Certificates are generally obtained from a trusted Certificate Authority (CA) through an application process (at the corporate level). These certificates are generally used between external systems. Because they were created by the CA, these certificates do not contain any local host names. The file type is *.pem.

  • Signed Certificates are created as needed and contain the local host name as well as location and organization information as part of what authenticates them. These certificates are often used between local or internal systems. Signed certificates are specific to each Recovery Appliance. The file type is *.p12.

Both types of certificates are required.
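
A pre-installation check for the two certificate types described above, as an added example that is not taken from the Recovery Appliance documentation: it confirms that the leaf certificate inside a *.p12 file names the local host and carries organization and location, and that the *.pem certificate names no local host. The host name `ra01.example.internal`, the file names, the password and the self-generated certificates are constructed sample input, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example. All names, paths and the password are constructed placeholders.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
host=ra01.example.internal; pass=changeit

# --- Constructed sample input: a CA certificate (.pem) and a host bundle (.p12) ---
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$work/ca.key" \
  -out "$work/trusted.pem" -subj "/O=Example Corp/CN=Example Root CA" 2>/dev/null
openssl req -newkey rsa:2048 -nodes -keyout "$work/host.key" -out "$work/host.csr" \
  -subj "/O=Example Corp/L=Example City/CN=$host" 2>/dev/null
openssl x509 -req -in "$work/host.csr" -CA "$work/trusted.pem" -CAkey "$work/ca.key" \
  -CAcreateserial -days 1 -out "$work/host.crt" 2>/dev/null
openssl pkcs12 -export -inkey "$work/host.key" -in "$work/host.crt" \
  -out "$work/signed.p12" -passout "pass:$pass"

# Print the subject of a PEM certificate, one attribute per line (e.g. "CN=...").
subject_rdns() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n'
}

# Extract the leaf certificate from a PKCS#12 file into a PEM file.
p12_leaf() {  # $1 = .p12 file, $2 = password, $3 = output PEM
  openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$2" 2>/dev/null |
    openssl x509 -out "$3"
}

# Succeeds if the certificate subject names the host as its CN.
names_host() { subject_rdns "$1" | grep -Fxq "CN=$2"; }

# Succeeds if the subject carries the named attribute (O, L, ...).
has_attr() { subject_rdns "$1" | grep -q "^$2="; }

p12_leaf "$work/signed.p12" "$pass" "$work/leaf.pem"
names_host "$work/leaf.pem" "$host"    && echo "signed.p12: names $host"
has_attr   "$work/leaf.pem" O          && echo "signed.p12: has organization"
has_attr   "$work/leaf.pem" L          && echo "signed.p12: has location"
names_host "$work/trusted.pem" "$host" || echo "trusted.pem: no local host name"
```

To check real files, skip the generation step and pass the paths of the actual *.pem and *.p12 files to the same functions.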

The details for obtaining or creating certificates are provided in the Zero Data Loss Recovery Appliance Administrator's Guide in TLS Overview.