To configure Skyhigh Mobile Cloud Security (SMCS), you must first upload the CA (Certificate Authority) certificates to Secure Web Gateway. This allows you to set up and run a VPN gateway within your SMCS solution. Follow these steps to upload CA (Certificate Authority) certificates to Secure Web Gateway:
- Log in to Skyhigh SSE, and go to Settings > Infrastructure > Web Gateway Setup.
- Click Configure to the right of Skyhigh Mobile Cloud Security.
- On the MCS Configuration page, you can upload and manage CA certificates and select user groups to assign to each certificate.
- Click Upload to select and upload a custom CA certificate (supported certificate formats are DER, PEM, CRT, and CER).
The certificate's private key is used to sign the mobile device certificates.
- Specify the labels of the fields that identify the User name and an optional User Group in the device certificates. For details on field labels, see Device Certificate Field Labels.
- (Optional). To upload certificate chains with both Root and Intermediate certificates:
- You must upload both the Root and Intermediate CA's to Secure Web Gateway.
- Make sure that the p12 certificate to be deployed on your device is signed by both the Root and Intermediate CAs.
NOTE: You can upload multiple CA certificates to Secure Web Gateway.
- Click Upload & Test to test the device certificate authentication with the uploaded CA certificate.
- Click Save.
NOTE: Make sure to note or save the VPN Gateway address to configure SMCS in your Mobile Device Management (MDM) solution.
After uploading CA certificates to Secure Web Gateway, you can use the IP address of the VPN gateway to configure your MDM solution. For details, see Step 2: Configure MDM.
Device Certificate Field Labels
|Field Label Name
|Typically used to represent the name associated with a user.
|Refers to the email address associated with the entity.
|Represents an identifier or identification information.
|Indicates the given or first name of a user.
|Describes the entity or provide additional information.
|Distinguished Name Qualifier
|Part of the Distinguished Name in X.500 directory services.
|Represents the initials of a user.
|Indicates the locality or city associated with a user.
|Represents the organization to which a user belongs.
|Describes the organizational unit or department within an organization.
|Indicates the surname or last name of an individual.
|State or Province
|Represents the state or province associated with the entity.
|Indicates the title or position of an individual.
|It represents the country in which the entity or individual associated with the certificate is located or registered.