Certificates in EAA
Enterprise Application Access (EAA) can use certificates to validate the communication between applications hosted on EAA servers and your end users (clients). Certificates provide authentication between the client and server to securely send data using Transport Layer Security (TLS).
A server certificate is required for TLS communications between a user's browser and each application exposed through EAA. EAA can generate a self-signed server certificate or you can upload a certificate from an authorized certificate authority (CA).
Optionally you can enable mutually authenticated TLS connectivity between the end user’s device and EAA when you install certificates on user devices and a CA certificate for user authentication in EAA. For more information see Certificate-based authentication in the IdP, User-facing authentication mechanism for applications, and Configure the user-facing authentication mechanism.