icon-zpa.svg
Secure Private Access (ZPA)

About (Web Server) Certificates

Watch a video about Certificates

ZPA uses web server certificates to provide access to a web application, typically for Browser Access. A certificate is selected when defining an application within an application segment.

Web server certificates provide the following benefits and allow you to:

  • Generate a new certificate by creating a certificate signing request (CSR) that is signed by your Certificate Authority (CA).
  • Manage the certificates that are presented to your users by AppProtection, Browser Access, Browser Isolation, and Privileged Remote Access.

You can upload a web server certificate to ZPA using one of the following workflows:

or,

You cannot use enrollment (CA) certificates for Browser Access.

About the Certificates Page

On the Certificates page (Configuration & Control > Certificate Management > Certificates), you can do the following:

  1. Upload a certificate.
  2. Create a CSR for a certificate.
  3. Expand all of the rows in the table to see more information about each certificate.
  4. Filter the information that appears in the table. By default, no filters are applied.
  5. View a list of all web server certificates that are configured for your organization. For each certificate, you can see:
    • Name: The name of the certificate.
      • Description: The certificate's description, if available.
      • Issued By: The certificate authority (CA) that issued the certificate.
      • Issued To: The entity that the CA issued the certificate to.
    • Creation Date: The creation date of the certificate.
    • Expiry Date: The expiration date of the certificate.
    • Common Name: The CN for the hostname associated with the certificate.

Depending on the Expiry Date, the following icons are displayed next to the Name:

  • If the certificate has expired, a red warning icon is displayed.

  • If the certificate has less than 7 days before expiration, a yellow caution icon is displayed.

  • If the certificate has less than 30 days before expiration, an orange info icon is displayed.

  1. Edit an existing certificate.
  2. Delete a certificate.
  3. Download the CSR file for the certificate.
  4. Upload a certificate.
  5. Go to the Enrollment Certificates page to view and manage CA certificates for App Connectors, ZPA Private Service Edges, and Zscaler Client Connector.
  6. Go to the Root Certificates for Isolation page to view and manage root certificates associated with isolation profiles.

Certificates page for web server certificates within the ZPA Admin Portal

Related Articles
About (Web Server) CertificatesCreating Certificate Signing Requests for (Web Server) CertificatesUploading (Web Server) CertificatesEditing (Web Server) Certificates