Use certificates for authentication

Enterprise Application Access (EAA) can use certificates to validate the communication between applications hosted on EAA servers and your users (clients). Certificates provide authentication between the client and server to securely send data with use of Transport Layer Security (TLS).

A server certificate is required for TLS communications between a user's browser and each application exposed through Enterprise Application Access.

The Certificates page shows the certificates from Certificate Authorities, Custom Certificates, and Self-Signed Certificates. The self-signed certificates you generate using your own domain for the external host for your applications appear in the Self-Signed Certificates section. The certificates you upload from a Certificate Authority (CA) appear in the Certificate Authorities section. The custom certificates you create appear in the Custom Certificates section.

Optionally you can enable mutually authenticated TLS connectivity between the user's device and Enterprise Application Access when you install certificates on user devices and a CA certificate for user authentication in Enterprise Application Access. For more information see Certificate-based authentication in the IdP, User-facing authentication mechanism for applications, and Configure the user-facing authentication mechanism.

Add, edit, and delete certificates

To authenticate an application with a non-​Akamai​ certificate, you first need to add the certificate to Enterprise Application Access (EAA).

You can add a certificate from a certificate authority (CA) or custom certificate into Enterprise Application Access.

If you choose to upload a certificate and you have multiple certificates that you want to upload, you can upload a certificate file that contains more than one certificate.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Certificates > Certificates.

  3. Select the type of certificate you want to add, either Certificate Authorities or Custom Certificates.

  4. If you selected Certificate Authorities do the following:

    1. Click Add New Certificate.

    2. In Name type a unique name for the certificate.

    3. To upload the file click the folder icon, go to the location of the *.crt file on your computer, click Open.

    4. Click Save.
      A new entry should be created for the certificate you just uploaded with the Name, CN, Created, and Expires values populated. There are no applications associated with the certificate, since it was just uploaded.

  5. If you selected Custom Certificates option:

    1. Click Add New Certificate

    2. In Name type a unique name for the certificate.

    3. If a password was configured for the private key, in Password, enter a password.

    4. For Cert, if you selected Manual option, paste the certificate body and the associated private key. Click Save. A new entry should be created for the certificate you just uploaded with the Name, CN, Created, and Expires values populated. There are no applications associated with the certificate, since it was just uploaded.

    5. For Cert, if you selected File upload option, click the folder icon, go to the location of the *.crt file on your computer, click Open, upload it and click Save. A new entry should be created for the certificate you just uploaded with the Name, CN, Created, and Expires values populated. There are no applications associated with the certificate, since it was just uploaded.

  6. To edit a certificate, click the pencil icon next to the certificate and make your edits and save it.

    πŸ“˜

    Self-signed certificates cannot be edited.

  7. To delete a certificate, click the trash icon next to the certificate.

Next, to use the certificate for an external domain, see Associate a certificate for using your own domain for your application.

Associate a certificate for using your own domain for your application

Associate a self-signed certificate or uploaded certificate to an application when you use your own external domain.

When you use your own domain for your application and a certificate that matches the domain is associated with the application, users are able to securely communicate to the EAA Cloud:

  • If you use an ​Akamai​ domain, you do not need to provide a certificate.

  • If you use your own domain, you can have ​Akamai​ generate a certificate for you or you can select to use an uploaded certificate from an authorized certificate authority (CA). It is recommended to provide your own certificate.

πŸ“˜

14 days before the certificates expire, the applications change to Deployment Not Ready state. You should renew the certificate before expiry and redeploy the application, although the application would work fine during the expiration warning period.

πŸ“˜

In some cases, you may need to provide an intermediate certificate from your domain provider. When you paste your standard certificate in Cert, paste the intermediate certificate just below it.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Applications > Applications.

  3. Select your application to open it.

  4. In External host name select Use your domain.

  5. For the Certificate Preference, to use a self-signed certificate generated by Enterprise Application Access:

    1. Select Use self-signed certificate.

    2. Click Generate self-signed certificate.
      A message about application using a self-signed certificate appears.

  6. For the Certificate Preference, to use an uploaded certificate:

    1. Select Use uploaded certificates.

    2. Select a certificate.

  7. Click Save.


Did this page help you?