Prisma Cloud Compute certificates
This article summarizes all the certificates used by Prisma Cloud Compute.
For each certificate, you can learn more about its functionality, signing CA, and your customization options.
Customizing certificates is only allowed for Prisma Cloud Compute edition.
Category | Certificate | Communication | Certificate customization | Default CA | CA customization | Prisma Cloud edition |
---|---|---|---|---|---|---|
Console TLS communication | Console Web and API certificate | Web browser, API and twistcli access to console | Customize under Manage > Authentication > System certificates > TLS certificate for Console > Concatenate public cert and private key | Console CA | Your organization CA | Compute edition, Enterprise edition |
Console TLS communication | Client certificates. To enforce Docker access control, client certs should be installed on any host where the docker client can be run. | Clients (users) access to remote Docker Engine instances | Customize your own certificates for your clients. An explicit list of trusted certificates can be defined under Manage > Authentication > System certificates > Client certificates > Explicit certificate trust list | Console CA | Customize under Manage > Authentication > System certificates > Client certificates > CA certificate | Compute edition, Enterprise edition |
Console TLS communication | Certificate-based authentication to Console | Clients access the Console | | No CA by default | Enable Console verification of the client’s CA certificate when accessing the Console. Define CA under Manage > Authentication > System certificates > Certificate-based authentication to Console > CA certificate | Compute edition |
Console-Defender communication | Defender client certificate (Defender side) | Console-Defender communication | No | Defender CA (defender-ca.pem) | No | Compute edition, not relevant for Enterprise edition (uses API token) |