Generating a Certificate Signing Request

A certificate signing request (CSR) is a message from a requester to a certificate authority to apply for a digital certificate. The CSR is composed of a block of encrypted text generated on the server where the certificate will be used. It contains the organization name, common name (domain name), locality, and country.

An RSA key must be either created or applied to the certificate request before the certificate can be generated. A private key is not included in the CSR, but it is used to digitally sign the completed request. The certificate created with a particular CSR only works with the private key generated with it. If the private key is lost, the certificate is no longer functional. The CSR can be accompanied by other identity credentials required by the certificate authority, and the certificate authority maintains the right to contact the applicant for additional information.

If the request is successful, the CA sends an identity certificate digitally signed with the private key of the CA.

To create a CSR:

  1. Select the Create CSR tab from the Certificate Management menu.
    Click to expand in new window
    Certificate Management - Create CSR Screen
    GUID-F30EC41F-C27A-412E-ACF2-B90A3A896B68-low.png
  2. Define the following parameters in the Create New Certificate Signing Request (CSR) area:
    RSA Key Select Use Existing and use the drop-down menu to set the key used by both the controller or service platform and the server (or repository) of the target RSA key

    Optionally, select Create New to enter a 32-character maximum name used to identify the RSA key. Set the size of the key to either 1,024 or 2,048 bits. We recommend leaving this value at the default setting of 2,048 to ensure optimum functionality.

  3. Set the following Certificate Subject Name parameters required for the creation of the certificate:
    Certificate Subject Name Select either auto-generate to automatically create the certificate's subject credentials or user-configured to manually enter the credentials of the self-signed certificate. The default setting is auto-generate.
    Country (C) Define the country used in the CSR. The field can be modified by the user to other values. This is a required field and must not exceed 2 characters.
    State (ST) Enter the state or province name represented in the CSR. This is a required field.
    City (L) Enter a city represented in the CSR. This is a required field.
    Organization (O) Define the organization represented in the CSR. This is a required field.
    Organizational Unit (OU) Enter the organization unit represented in the CSR. This is a required field.
    Common Name (CN) If there is a common name (IP address) for the organizational unit issuing the certificate, enter it here.
  4. Select the following Additional Credentials required for the generation of the CSR:
    Email Address Provide an email address used as the contact address for issues relating to this CSR.
    Domain Name Enter a fully qualified domain name (FQDN): an unambiguous domain name that absolutely specifies the node's position in the DNS tree hierarchy. To distinguish an FQDN from a regular domain name, a trailing period is added – for example, somehost.example.com. An FQDN differs from a regular domain name by its absoluteness, as a suffix is not added.
    IP Address Specify the IP address used as the destination for certificate requests. Only IPv4 formatted IP addresses are permitted. IPv6 formatted addresses are not permitted.
  5. Select Generate CSR to generate the CSR.