Help Center

Third-party software Contact us

Configuring a certificate authority

Certificate authorities (CAs) help verify the authenticity of a web application. When DataSecurity Plus’ Cloud Protection gateway server performs deep packet inspection, it decrypts and re-encrypts the HTTPS (HTTP over SSL) traffic. To do this, the gateway server generates its own SSL certificates that are sent to the endpoints. These self-generated certificates will be signed by DataSecurity Plus' own built-in CA. The certificates to be used by this CA can be customized as needed.

To add a new CA:

  • Select Cloud Protection from the application drop-down menu at the top.
  • Navigate to Configuration.
  • In the Certificate section, select Server CA Management.
  • Click + Add Certificate Authority in the top-right corner.
  • Enter the following details:
    • Enter a suitable Name.
    • Set the industry standard of 2048 bits or greater for the KeySize.
    • Select the Signature Algorithm that matches the KeySize.
    • Set the expiration period for this certificate in Years and/or Months.
    • Click Generate.
    • Note: KeySize is the size of the key in bits, and it's required to enable TLS or SSL encryption.

      Signature Algorithm: This is the hash algorithm used for signing and verifying the certificate.

    The CA certificate is downloaded in the Server CA Management page by default. It has to be installed in all client devices to be trusted as the root authority.

    Steps to download the generated CA certificate in all client devices:

    In DataSecurity Plus:

    • Select Cloud Protection from the application drop-down menu at the top.
    • Go to Configuration → Server CA Management
    • Click on the download symbol next to the certificate generated. The certificate is now downloaded to your device.

    Once downloaded, the CA certificate can be installed on individual endpoints manually or on multiple endpoints via a GPO by following the steps in this page.

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     
  • Request additional resources

    Send us your requirements.