Configure Encryption as a Service (EaaS) Certificate
Skyhigh CASB provides Encryption as a Service (EaaS) Certificates to encrypt data for cloud services. This ensures only the intended recipient can decrypt and read the information. This certification configuration uses the proxy to authenticate EaaS end clients. Using this configuration, data is encrypted and decrypted using REST endpoints.
To configure the EaaS Certificate:
- Go to Settings > Service Management.
- Choose any Service and add an instance to manage an EaaS certificate. To add a Service instance, see Add an Instance of a Service.
- Select your Service instance from the Services list. For example, the Salesforce instance is selected.
- Click the Setup tab, and under Proxy, click Get Started.
- To enable the Encryption as a Service (EaaS) Certificate Configuration, you need to configure the proxy.
- Once the proxy configuration is completed, go to Encryption as a Service (EaaS) Certificate Configuration and click Configure.
- Configure the EaaS Certificates as shown:
- Target Host. Enter the cloud service provider name.
- Virtual Host. Enter the name of the proxy instance which you have entered in the proxy configuration. For example, to configure the proxy, see Configure Salesforce Instance.
- Chain Depth. The level and sub-level of the Root CA Certificate. The maximum chain depth level is 3 and the minimum chain depth level is 1.
- Root CA Certificate. Upload the Self Signed Certificate in PEM format. The certificate consists of the private key that authenticates the EaaS Endpoints.
- Click Save. Once the EaaS Certificate is successfully configured. The Service Management Overview tab shows the following status.
- To edit the EaaS certificate, open the more menu and click Edit. You can also edit the certificate on the Setup page.
- If your EaaS Certificate is expired, then you can view the Renew option. Click Renew to replace and update your new certificate.