Secure Private Access (ZPA)
About (Web Server) Certificates
Watch a video about Certificates
ZPA uses web server certificates to provide access to a web application, typically for Browser Access. A certificate is selected when defining an application within an application segment.
Web server certificates provide the following benefits and allow you to:
- Generate a new certificate by creating a certificate signing request (CSR) that is signed by your Certificate Authority (CA).
- Manage the certificates that are presented to your users by AppProtection, Browser Access, Browser Isolation, and Privileged Remote Access.
You can upload a web server certificate to ZPA using one of the following workflows:
or,
You cannot use enrollment (CA) certificates for Browser Access.
About the Certificates Page
On the Certificates page (Configuration & Control > Certificate Management > Certificates), you can do the following:
- Upload a certificate.
- Create a CSR for a certificate.
- Expand all of the rows in the table to see more information about each certificate.
- Filter the information that appears in the table. By default, no filters are applied.
- View a list of all web server certificates that are configured for your organization. For each certificate, you can see:
- Name: The name of the certificate.
- Description: The certificate's description, if available.
- Issued By: The certificate authority (CA) that issued the certificate.
- Issued To: The entity that the CA issued the certificate to.
- Creation Date: The creation date of the certificate.
- Expiry Date: The expiration date of the certificate.
- Common Name: The CN for the hostname associated with the certificate.
- Name: The name of the certificate.
Depending on the Expiry Date, the following icons are displayed next to the Name:
- If the certificate has expired, a red warning icon is displayed.
- If the certificate has less than 7 days before expiration, a yellow caution icon is displayed.
- If the certificate has less than 30 days before expiration, an orange info icon is displayed.
- Edit an existing certificate.
- Delete a certificate.
- Download the CSR file for the certificate.
- Upload a certificate.
- Go to the Enrollment Certificates page to view and manage CA certificates for App Connectors, ZPA Private Service Edges, and Zscaler Client Connector.
- Go to the Root Certificates for Isolation page to view and manage root certificates associated with isolation profiles.