Connections

Users in the Connection Admins and 'admins' group can add, edit, delete, or test a connection through Connection Manager menus.

The tabular view lists all the currently configured connections. You can arrange the list in different orders, by clicking on the column headers to sort it by that column. The table has the following columns:

• Name - name of the connection

• Creation - date when the connection was created

• Type - type of connection

• Products - name of the product that uses the connection

• State - state that the connection is in. It is one of these states:

  • Not tested - connection has not been tested

  • Fail - connection has been tested and the test failed. The date when the connection failed is displayed to the right

  • Ready - connection is properly configured and ready

The last column contains an ellipsis icon (...). When clicked, it displays a menu that allows you to perform the following operations on the existing connections:

• View/Edit - view and edit the connection

• Test Connection - test the connection

• Delete - delete the connection

Use the filters in the column headers to filter through multiple connections and display only those that you wish to display.

Use the Search box to search for a specific connection.

Refer to Adding a New Connection to add a New connection.

External Certificate for Azure and Salesforce Connections

If you want to add an Azure or SFDC connection using external certificate, you first need to create and sign a Connection CSR using the CSR generator in CA.

To create a valid external certificate for connections through CipherTrust Data Security Platform Service GUI:

1. Sign in as a user in the CA Admin or admin group, such as the root admin account.

2. Navigate to CA > CSR Generator.

3. Enter a Common Name as required.

4. Select a Size.

   Azure Connections support 2048 and 4096.

   Salesforce connections support 1024, 2048, and 4096.

5. Enter in any desired optional settings:

   • Display Names

   • Subject Alternative Names

     • DNS Names (comma separated)

     • IP Addresses (comma separated)

     • Email Addresses (comma separated)

6. If desired, enable Encrypt Private Key.

   1. In Private Key Encryption, select a key algorithm, AES256, AES192, AES128, or TDES. CipherTrust Data Security Platform Service will generate a new key with this algorithm to encrypt the private key.

   2. In Private Key Encryption Password, enter a password.

7. Click Generate CSR.

   The Certificate Signing Request is displayed at the bottom of the page.

8. Click Download CSR to export the CSR contents to a file CSR.pem.

9. Have a well-known external CA sign the certificate.

10. Upload the external certificate to the cloud portal, Azure or Salesforce portal.

11. Store the external certificate in an accessible place. You will have to upload the certificate file to CipherTrust Data Security Platform Service when you create the Azure or Salesforce connection.

Adding a New Connection

Click the + Add Connection button to open the Add Connection wizard. The wizard consists of the following steps:

1. Select Connection Type

2. General Info

3. Configure Connection

4. Add Products

1. Select Connection Type

In the Select Category section, click the Cloud, File-Share, or OIDC tile and select a desired connection type from the Select Type menu:

• Cloud: Amazon Web Services (AWS), Microsoft Azure, Salesforce, SAP Data Custodian, Google, or Oracle Cloud Infrastructure (OCI). CipherTrust Cloud Key Management (CCKM) manages cloud keys for these cloud services.

• File-Share: CIFS/SMB. It provides access to the shared files available in the network for CipherTrust Transparent Encryption (CTE).

• OIDC: It is used to configure external identity providers for CTE agents.

Click Next to move to the next step.

2. General Info

In this step, provide a Name and Description (optional) for the new connection.

Click Next to move to the next step.

3. Configure Connection

The available connections are in support of different products.

CipherTrust Transparent Encryption (CTE) connections:

• OpenID Connect (OIDC)

• CIFS/SMB

CCKM connections:

• Amazon Web Services (AWS)

• Google Cloud Platform (GCP)

• Microsoft Azure

• Oracle Cloud Infrastructure (OCI)

• Salesforce

• SAP Data Custodian

4. Add Products

Use the check boxes in the Products list to select a product associated with the connection.

• CTE

• Cloud Key Manager

Click Add Connection to save your connection. The new connection is now listed in the CONNECTIONS list.