Adding Key Store

When adding a key store to Forcepoint ONE SSE (that is, integrating with a third-party KMS or HSM), you can authorize the integration in one of two ways: via login credentials or via a client certificate. Regardless of which option you choose, you will also need to upload the server certificate for the KMS or HSM server you are trying to integrate.

Steps

  1. It's best to start by uploading the server certificate so that it's ready to be selected when you add the key store to Forcepoint ONE SSE. Log in to the Forcepoint ONE SSE portal as an admin and navigate to the Settings > Certificate page.


  2. Under the top Certificates section, click the green plus icon to add a new certificate. Give the certificate an identifiable name, select its format, and upload the certificate. Enter the password for accessing the certificate as needed.




  3. Now you can add the Key Store. Navigate to the Protect > Encryption > Key Management page. Under the Key Stores section at the top, click the green plus icon to add a new Key Store integration.


  4. In the Key Store dialog window, fill out the fields: a name by which you will recognize the key store, the hostname used to access it, and the port you will be using.


    1. If you are authenticating via credentials, select the Credentials checkbox, which will expand additional fields. Enter the username and password used to authenticate, and then select the server certificate that you uploaded from the dropdown.


    2. If you wish to authenticate via client certificates, select the Client Certificates checkbox, which will expand additional fields to select both the client certificate you wish to use and the server certificate. Follow step 2 to upload the client certificate that you will use for authentication to the Settings > Certificate page. Once done, select the appropriate certificates from the dropdowns.
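
Before filling in the Key Store dialog, it helps to confirm that the server certificate file you uploaded in step 2 is the same certificate the KMS or HSM presents on the hostname and port you are about to enter. The script below is an added example, not Forcepoint code. It assumes the file holds the server's own (leaf) certificate in PEM or DER form (a password-protected container has to be exported to one of those first), and all function names and the sample data are hypothetical.

```python
import base64
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def first_cert_der(data: bytes) -> bytes:
    """DER bytes of the first certificate in a PEM or DER file."""
    m = PEM_BLOCK.search(data)
    if m:  # PEM: base64 body between the markers; later chain entries ignored
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if data[:1] == b"\x30":  # DER begins with an ASN.1 SEQUENCE tag
        return data
    raise ValueError("not a PEM or DER certificate")

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def fetch_presented_der(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Fetch the certificate the server presents. Chain validation is off on
    purpose: the certificate is only read so it can be compared to the file."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be disabled before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def same_certificate(local_file: bytes, presented_der: bytes) -> bool:
    """True when the uploaded file and the presented certificate are identical."""
    return fingerprint(first_cert_der(local_file)) == fingerprint(presented_der)

# Constructed sample bytes (not a real certificate), used only for offline checks.
SAMPLE_DER = b"\x30\x82" + bytes(range(64))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    import sys  # usage: script.py <cert-file> <kms-hostname> <port>
    with open(sys.argv[1], "rb") as f:
        local = f.read()
    presented = fetch_presented_der(sys.argv[2], int(sys.argv[3]))
    print("uploaded file:", fingerprint(first_cert_der(local)))
    print("presented    :", fingerprint(presented))
    sys.exit(0 if same_certificate(local, presented) else 1)
```

If the key store requires a client certificate, the handshake may fail before the server certificate can be read; in that case compare fingerprints from the KMS or HSM administration side instead.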