Certificates required
You require several certificates to set up the token broker proxy and browser extension. For more information, see Token broker proxy and Browser extension.
The certificates required are described below, with reference to the relevant procedure where you must provide them.
JWT signing certificate
You require a JSON Web Token (JWT) signing certificate provided by your IT organization. The certificate must be PEM encoded. This certificate is required to sign JWTs.
You must upload this certificate to Snow Atlas when you create a token broker registration. The certificate that you upload must contain only a public key, no private keys. For more information, see Create token broker registrations.
You use the same certificate when you install the token broker proxy in your environment. In this case, the JWT certificate must contain the public and private key. For more information, see Install token broker proxy.
TLS certificate
You require a Transport Layer Security (TLS) certificate for the domain where you host the token broker proxy, from your IT organization.
You require this certificate when you install the token broker proxy in your environment. The certificate must include the private and public key. For more information, see Install token broker proxy.
MTLS certificates
You must install mTLS client certificates on the clients where the browser extension is installed in your environment. These certificates allow the browser extension to connect to the token broker proxy.
By default, the client certificates must have the email
field (Object identifier: 1.2.840.113549.1.9.1) populated for identification to work when the request is processed in Snow Atlas. If required, you can configure the token broker proxy to extract the email from the OU
or CN
fields.
You require the client certificate chain when you install the token broker proxy in your environment. For more information, see Install token broker proxy.
For more information on the browser extension, see Configure browser extensions.