Configure a certificate authority

Under Certificate Authority:

  • If you are adding a new appliance, use the drop-down list to indicate whether to Upload certificate files now, or Provide certificate later.
    Important:

    It is recommended that you define certificates when you add an appliance, in order to avoid browser warnings regarding SSL termination block, authentication, or quota/confirm operations. Some browsers, for example later versions of Chrome, may block the transaction and display an error message.

    Be sure to:
    1. Generate a CA certificate. Each appliance should have a valid X.509 identity certificate with an unencrypted key. This certificate can be generated using a variety of tools, for example OpenSSL. For details and an example, see Generating an appliance certificate.
    2. Import this certificate to all relevant browsers.
    3. Upload this certificate to each appliance as described below.

    To use the cloud service SSL decryption feature, you should also install the Forcepoint root certificate on each client machine. See Enabling SSL decryption for details.

  • If you are editing an existing appliance, indicate whether to Use existing certificate files or Upload certificate files.

To upload the certificate files:

Steps

  1. Click Browse to navigate to the public certificate file, then click Open to populate the Public certificate field.
  2. Click Browse to navigate to the private key file, then click Open to populate the Private key field. The private key must be in either PEM or .key format.
  3. If you have chained certificates, click Browse and navigate to the intermediate certificate, then click Open to populate the Chained certificate field.
    The certificate chain should include the root CA, and optionally additional intermediate CAs.
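A pre-upload sanity check for the three files named in the steps above, as an added example that is not Forcepoint's code or part of the original page. It reads PEM text and reports a passphrase-protected key (the page requires an unencrypted one), a private key placed in a certificate field, or a missing certificate. The function names and the placeholder sample PEM are assumptions made for illustration; the check is structural only and does not verify that the key matches the certificate or that the chain validates.

```python
import base64
import re

# One PEM block: label, then optional RFC 1421 headers and the base64 body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, headers, decoded_bytes) per PEM block; valid DER starts with tag 0x30."""
    out = []
    for label, inner in PEM_RE.findall(text):
        lines = [l.strip() for l in inner.splitlines() if l.strip()]
        try:
            der = base64.b64decode("".join(l for l in lines if ":" not in l))
        except ValueError:  # truncated or corrupted base64
            der = b""
        out.append((label, [l for l in lines if ":" in l], der))
    return out

def cert_problems(text, field, exactly_one):
    blocks, problems = pem_blocks(text), []
    if any(label.endswith("PRIVATE KEY") for label, _, _ in blocks):
        problems.append(f"{field}: contains a private key")
    certs = [d for label, _, d in blocks if label == "CERTIFICATE" and d[:1] == b"\x30"]
    if not certs or (exactly_one and len(certs) != 1):
        problems.append(f"{field}: expected {'one' if exactly_one else 'one or more'} certificate(s), found {len(certs)}")
    return problems

def key_problems(text):
    blocks = pem_blocks(text)
    if len(blocks) != 1 or not blocks[0][0].endswith("PRIVATE KEY"):
        return ["Private key: expected exactly one PEM private key"]
    label, headers, der = blocks[0]
    if label == "ENCRYPTED PRIVATE KEY":
        return ["Private key: passphrase-protected (PKCS#8)"]
    if any(h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers):
        return ["Private key: passphrase-protected (legacy PEM encryption)"]
    return [] if der[:1] == b"\x30" else ["Private key: body is not valid DER"]

def preflight(cert, key, chain=None):
    """List conflicts with the upload requirements; an empty list means none found."""
    problems = cert_problems(cert, "Public certificate", True) + key_problems(key)
    if chain is not None:
        problems += cert_problems(chain, "Chained certificate", False)
    return problems

def sample_pem(label, headers=""):
    """Constructed placeholder (DER SEQUENCE tag plus filler), not a real key or certificate."""
    body = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(60)).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"

if __name__ == "__main__":
    print(preflight(sample_pem("CERTIFICATE"), sample_pem("ENCRYPTED PRIVATE KEY")))
```

To check real files, pass their contents (read as text) to `preflight()` in place of the constructed samples.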