You can connect Deadline Clients to the Deadline Database/Repository with direct connection or over a Remote Connection Server (RCS). Both the type of connections can be configured with TLS during installation.
Direct Connection: When Deadline Client applications and the Database are running on the machines connected on a same subnet (LAN) then you can connect the Client apps to Database directly. The repository will be a network share accessible to all Client machines and the Database.
Remote Connection: When Deadline Client applications are remotely located to the Database machine then you can connect the clients on http/https based connection to the RCS. RCS will then connect to the Database machine using direct connection. It will work as a proxy for your remote clients.
Ports are mentioned in the diagram below.
You can choose to install the Database to accept TLS based connections. The installer has an option to enable it. If the direct connection is configured with TLS, the certificates are generated during the installation of Database. We call these certs the database certs and the default location is /DeadlineDatabase<version>/mongo/certs/.
For the remote connection RCS certs are generated during the installation of the Client and in Deadline 10.1 these certs typically live in <Client Installation Directory>/certs/ or you can just take a look in the installer logs if you have chosen a custom location to install the certs and don’t remember it. If you reboot logs will be gone on Linux and Mac computers.
Below diagram shows how TLS certs work during connection, for the Direct connection Deadline Client presents a cert (Deadline10Client.pfx) to the DB. For the Remote Connection over Remote Connection Server (RCS) Deadline Client has to present a different cert to RCS to connect with the DB.
Note: If using port 4433 on the RCS, this means there there is also a cert between the client and the RCS. There should be six certs total (including two ca.crt files). RCS's listening ports are configured with the TLS.