Creating Certificate Authority

To authenticate a connection from a cloud app, you need to upload a Certificate Authority (CA) certificate. The primary use case is uploading a CA to Forcepoint ONE SSE that will be used to authenticate the app during the 2-way TLS handshake between Forcepoint ONE SSE and the application.

You must import the public portion of the CA certificate that was used to sign the app's client certificate, so that Forcepoint ONE SSE can validate that the client certificate presented by the app is legitimate.

Steps

  1. Click the green plus icon to open the Certificate dialog, select the Import Cert radio button, and then select PEM or DER as the certificate format type.
  2. Provide a unique name for the cert you will be uploading.
  3. Select Choose File to locate the cert you wish to upload.
    Forcepoint ONE SSE will automatically detect if the cert you have imported is a CA.

  4. Back on the Certificates page, locate and select your newly uploaded certificate.
    The CA field is checked if the certificate was identified as a Certificate Authority, and the status shows whether it is valid.
  5. On the Certificate dialog, check the option Bitglass API Client Cert Validation and select OK to save.
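
The properties this procedure depends on (PEM or DER encoding, the CA flag, validity, and that the CA actually signed the app's client certificate) can be checked locally before the import. The script below is an added example, not part of the Forcepoint documentation; it assumes the openssl command-line tool is installed, and all function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run on a CA file before importing it. Paths are assumptions.

# Print PEM or DER (the two import formats); fail for anything else.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
       openssl x509 -in "$1" -inform PEM -noout 2>/dev/null; then echo PEM
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then echo DER
    else return 1; fi
}

# Succeed only if basicConstraints marks the certificate as a CA.
is_ca() {
    fmt=$(cert_format "$1") || return 1
    openssl x509 -in "$1" -inform "$fmt" -noout -text | grep -q 'CA:TRUE'
}

# Succeed only if the certificate is still valid $2 days from now (default 30).
valid_for_days() {
    fmt=$(cert_format "$1") || return 1
    openssl x509 -in "$1" -inform "$fmt" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Succeed only if client certificate $2 verifies against the PEM CA file $1.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA and client cert in directory $1 (constructed sample data).
make_demo_certs() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
        '[dn]' 'CN=Constructed Demo CA' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/ca.cnf" -days 365 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj '/CN=constructed-app-client' \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 7 -out "$1/client.pem" 2>/dev/null &&
    openssl x509 -in "$1/ca.pem" -outform DER -out "$1/ca.der"
}

# Demo on the constructed certificates: set RUN_DEMO=1 to run it.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    d=$(mktemp -d) && make_demo_certs "$d"
    for f in "$d/ca.pem" "$d/ca.der" "$d/client.pem"; do
        is_ca "$f" && echo "$f: CA ($(cert_format "$f"))" || echo "$f: not a CA"
    done
    signed_by "$d/ca.pem" "$d/client.pem" && echo "client cert chains to CA"
    rm -rf "$d"
fi
```

Only the CA certificate (ca.pem or ca.der in the demo) is the file to import; the CA private key stays where it was generated.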