icon-zpa.svg
Secure Private Access (ZPA)

About (Web Server) Certificates

Watch a video about Certificates

ZPA uses web server certificates to provide access to a web application, typically for Browser Access. A certificate is selected when defining an application within an application segment.

Web server certificates provide the following benefits and allow you to:

  • Generate a new certificate by creating a certificate signing request (CSR) that is signed by your Certificate Authority (CA).
  • Manage the certificates that are presented to your users by AppProtection, Browser Access, Browser Isolation, and Privileged Remote Access.

You can upload a web server certificate to ZPA using one of the following workflows:

or,

You cannot use enrollment (CA) certificates for Browser Access.

About the Certificates Page

On the Certificates page (Configuration & Control > Certificate Management > Certificates), you can do the following:

  1. View a list of applied filters available from the current and previous user sessions. Applied filters must be saved to the user session first before they can be viewed. Use the drop-down menu to select the applied filters to view. To learn more, see Using Tables.
  2. Hide the filters on the page by clicking Hide Filters. Click Show Filters to show the filters.
  3. Refresh the Certificates page to reflect the most current information.
  4. Filter the information that appears in the table. By default, no filters are applied. You can also save applied filters to your preferences so that they're visible in future user sessions. To learn more, see Using Tables.
  5. Upload a certificate.
  6. Create a CSR for a certificate.
  7. Expand all of the rows in the table to see more information about each certificate.
  8. View a list of all web server certificates that are configured for your organization. For each certificate, you can see:
    • Name: The name of the certificate.
      • Description: The certificate's description, if available.
      • Subject Alternate Name: The subject alternative name of the certificate, if available.
      • Issued By: The certificate authority (CA) that issued the certificate.
      • Issued To: The entity that the CA issued the certificate to.
    • Creation Date: The creation date of the certificate.
    • Expiry Date: The expiration date of the certificate.
    • Common Name: The CN for the hostname associated with the certificate.

Depending on the Expiry Date, the following icons are displayed next to the Name:

  • If the certificate has expired, a red Warning icon (Red Warning Icon) is displayed.
  • If the certificate has less than 7 days before expiration, a yellow Caution icon (Yellow Caution Icon) is displayed.
  • If the certificate has less than 30 days before expiration, an orange Info icon (Orange Info Icon) is displayed.
  1. Edit an existing certificate.
  2. Download the CSR file for the certificate.
  3. Upload a certificate.
  4. Delete a certificate.
  5. Modify the columns displayed in the table.
  6. Display more rows or a different page of the table.
  7. Open the Zscaler Help Browser and view Help Portal articles without leaving the ZPA Admin Portal.
  8. Go to the Enrollment Certificates page to view and manage CA certificates for App Connectors, ZPA Private Service Edges, and Zscaler Client Connector.
  9. Go to the Root Certificates for Isolation page to view and manage root certificates associated with isolation profiles.
Using the Certificates page
Related Articles
About (Web Server) CertificatesCreating Certificate Signing Requests for (Web Server) CertificatesUploading (Web Server) CertificatesEditing (Web Server) Certificates