Certificate Management

Certificate Authority (CA) Certificates

Certificate Authorities are trusted entities that issue SSL (Secure Sockets Layer) certificates. These certificates link an entity with a public key, thus authenticating online content. The CA certificates attest to the authenticity and trustworthiness of websites, domains, and organizations.
CA certificates provide authentication and encryption for secure communication, and they ensure the integrity of the documents signed with the certificate so that they cannot be altered in transit.

Admins must configure certificates for the Atmos Web gateway to allow for the Axis block page URLs to be trusted, while visiting websites, and for SSL inspection, visibility and control of encrypted sessions.

The CA certificate is configured on both the Atmos cloud and a user’s endpoint. On the Atmos side, the CA certificate is uploaded and then designated as the certificate to be used for decrypting a user’s SSL sessions. On the user’s endpoint the CA certificate is added to the store of trusted CAs, allowing a user’s client to trust the Atmos cloud for presenting block pages and for decryption. Note that it is possible to use an already configured certificate (as part of the organization PKI Infrastructure) and upload it to axis .

Certificate Management in the Atmos Web Gateway

To use a certificate, choose one of the following:

  • Use an Axis Root Certificate- download and deploy the certificate in your organization.
  • Upload your own certificate- upload a PFX file that contains both the certificate and the private key.

📘

Notes

  • If your organization manages devices through a central desktop management tool, we recommend remote installation instead of users downloading and installing the Axis Root Certificate on their own.
  • Click here for information on downloading and installing certificates for end-users.

Using an Axis Root Certificate

To use an Axis Root Certificate:

  1. Go to Settings-> Certificates-> CA Certificates.
  2. Click download to download the certificate.

Using a Custom CA Certificate

If your organization use its own PKI infrastructure, it is possible to upload a certificate, so axis will use that in order to serve block pages or SSL inspect traffic.

To use a Custom CA Certificate:

  1. Go to Settings-> Certificates-> CA Certificates.
  2. Click Upload Certificate.

The Upload Certificate dialog opens.

  1. Enter a name.
  2. Enter a description (optional).
  3. Click Upload Certificate to upload a PFX certificate.
  4. Enter the Private Key in the Password field.
  5. Click Submit.

📘

Notes

  • For more information on how to export and upload a custom CA Certificate click here