Creating Certificate Signing Request

You can create a CSR that you download and get signed by your CA to re-upload to Forcepoint ONE SSE to establish a 2-way TLS connection between Forcepoint ONE SSE and a callout endpoint.

The cert will be used during the 2-way TLS when the callout endpoint asks Forcepoint ONE SSE to present a signed client cert to validate the connection.

Steps

  1. Click the green plus button to open the Certificate dialog. On the certificate page, select the Generate CSR radio and fill out the necessary information for the CSR:
    • Name: Name you wish to give the cert
    • Common Name: A name that uniquely identifies this certificate in your organization.
    • Key Size: 2048 and 4096 options
    • Company: The legal name of your company or yourself.
    • Organizational Unit: The branch within your company using the certificate. (e.g. Accounting).
    • State: The state or province where your company is located. Use the full name, not an abbreviation.
    • City: The city or locality where your company is located.
    • Country Code: The two-digit ISO country code where your company is located. For the United States, it's US.
    • Email Address: Email address you wish to associate with the certificate (not required).


  2. Once you click Ok, you will see a new table entry with the CSR you have generated. Click on CSR to download a copy of the unsigned certificate to get signed by your CA.
  3. With the signed CSR, you can then click Upload Signed CSR to upload it to Forcepoint ONE SSE.