How to Manage SSL Certificates for ZPC

Owned by Sean McDade
Last updated: Jan 11, 2024



Generating a Signed Certificate


You’ll first need to generate a CSR to be signed by your chosen Certificate Authority.

  1. Navigate to the System > Certificate Management page in ZPC and then to the Generate CSR tab.

    If you are unsure about the values to include in the CSR, contact the team responsible for managing the certificates in your organization.

 

  1. Generate and download the CSR to get it signed by your chosen Certificate Authority (CA).

  2. Ensure the signed certificate is in PEM format (Base-64 encoded X.509 - CER).

  3. Navigate to the System > Certificate Management page in ZPC and the Import Certificate tab and select the Signed Certificate option.

     

  4. SSH into the ZIRO machine and log in using the s8admin account, then select Restart Web Server from the menu.

  5. Log back into ZPC from your browser and confirm the certificate has been successfully imported by checking the validity period.

You’re done!

Renewing an Existing Signed Certificate

Warning - If a change to the FQDN is made during your renewal, SAML SSO configuration changes will also be required

Updating the FQDN tied to your SSL certificate will break the SAML Single Sign-On functionality setup for ZPC and require adjustments to your Identity Provider (IdP) configuration.

Once a new SSL certificate is uploaded, users will be unable to sign in using SSO until you export the new Service Provider (SP) Metadata from the SAML Single Sign-On page and use it to adjust the Relying Party Trust configuration for ZIRO in your Identity Provider (IdP) configuration.

For more detailed steps, refer to the SSO setup walkthrough guides for your IdP (Azure, ADFS, Okta)

 

  1. View the expiry date of your certificate by navigating to System Health > System Health Status page.

  2. View your current certificate details by accessing the certificate viewer in your browser while on the ZPC website.

  1. Generate and download the CSR using the information in the previous step to get it signed by your chosen Certificate Authority (CA).

  2. Ensure the signed certificate is in PEM format (Base-64 encoded X.509 - CER).

  3. Navigate to the System > Certificate Management page in ZPC and the Import Certificate tab and select the Signed Certificate option.

     

  4. SSH into the ZIRO machine and log in using the s8admin account, then select Restart Web Server from the menu.

  5. Log back into ZPC from your browser and confirm the certificate has been successfully imported by checking the validity period.

 

How to Use Wildcard Certificates

  1. Acquire the wildcard certificate from your IT team in the correct PEM format (Base-64 encoded X.509 - CER).

  2. Navigate to the System > Certificate Management page in ZPC and the Import Certificate tab and select the Wildcard Certificate option.

     

  3. Provide the unencrypted Private Key and specify the FQDN.

  4. Click Import.

  5. SSH into the ZIRO machine and log in using the s8admin account, then select Restart Web Server from the menu.

  6. Log back into ZPC from your browser and confirm the certificate has been successfully imported by checking the validity period.