Want to learn the best practice for configuring Chromebooks with 802.1X authentication?

Sign up for a Webinar!

Enabling Double Encryption for Zscaler with SecureW2’s Cloud PKI

Double encryption adds an extra layer of security to ensure that the connections between the Z App, Connectors, and ZPA ZENs stay protected. Although Zscaler already comes with a layer of TLS encryption, cyber attacks have evolved to the point where encrypting the tunnel isn’t good enough anymore and data can still be stolen.

To enable double encryption for Zscaler, you must use your organization’s Public Key Infrastructure to generate intermediate signing certificates for enrolling Z App and Connector. A root certificate also must be generated in your organization’s PKI so the VPA can verify a chain of trust for the intermediate signing certificates.

Deploying CA Certificates for Zscaler

radius server

Enabling double encryption can be easy, as long as you integrate your ZPA with SecureW2’s Managed Cloud PKI. Our services make it easy to establish a certificate chain of trust by giving admins the ability to configure their current CAs or create new ones in the SecureW2 Management Portal.

Below, we provided a quick overview detailing how to configure your organization’s CA’s in SecureW2 to start issuing signed certificates with your ZPA.

cloud computing

How to Configure Zscaler for Certificates

  1. Generate a root and intermediate CA, or upload your existing CA in SecureW2.
    • Using SecureW2’s Management Portal, you can either input the info of the current CA or create one from scratch with our easy-to-use GUI interface.
  2. Create CSRs for Z App and Connectors.
    • Once the CAs are configured with SecureW2, admins can create and download CSRs on the ZPA Admin Portal.
    • Upload the CSRs in SecureW2’s Management Portal to create intermediate signed certificates that can enroll Z App and Connectors.
  3. Sign the CSRs in the Securew2 Management Portal:
    • With your organization’s signing CA (which can be either root or intermediate) you can start creating signed certificates.
  4. Upload signed certificate to ZPA.
    • Once you’ve created your signed certificate, go ahead and upload it to your ZPA to enroll Z App and Connectors.

Configure CAs with ZPA to Enable Double Encryption

For organizations that desire extra security measures, double encryption is too good to pass up and is easy to enable with SecureW2. Once integrated, Zscaler admins can configure CA’s to create signed certificates and issue intermediate CA certificates to ZPA. This process can be completed in no time, and ZPNs will have the ability to enable double encryption so Z App, Connectors, and ZENs can connect safely. Our service comes at an incredibly affordable price.

Learn about this author

Sam Metzler

Sam (aka Slammin Salmon, Street Hustler Sam, Samilstilskin) is a copywriter within the marketing team and a man of many nicknames. He has a degree in Marketing from the University of North Texas with previous experience in mortgage marketing and financial services.

Enabling Double Encryption for Zscaler with SecureW2’s Cloud PKI