A certificate signing request (CSR) is a message from a requester to a certificate authority to apply for a digital certificate. The CSR is composed of a block of encrypted text generated on the server where the certificate will be used. It contains the organization name, common name (domain name), locality, and country.
An RSA key must be either created or applied to the certificate request before the certificate can be generated. A private key is not included in the CSR, but it is used to digitally sign the completed request. The certificate created with a particular CSR only works with the private key generated with it. If the private key is lost, the certificate is no longer functional. The CSR can be accompanied by other identity credentials required by the certificate authority, and the certificate authority maintains the right to contact the applicant for additional information.
If the request is successful, the CA sends an identity certificate digitally signed with the private key of the CA.
To create a CSR:
RSA Key | Select Use Existing and use the drop-down
menu to set the key used by both the controller or
service platform and the server (or repository) of
the target RSA key Optionally, select Create New to enter a 32-character maximum name used to identify the RSA key. Set the size of the key to either 1,024 or 2,048 bits. We recommend leaving this value at the default setting of 2,048 to ensure optimum functionality. |
Certificate Subject Name | Select either auto-generate to automatically create the certificate's subject credentials or user-configured to manually enter the credentials of the self-signed certificate. The default setting is auto-generate. |
Country (C) | Define the country used in the CSR. The field can be modified by the user to other values. This is a required field and must not exceed 2 characters. |
State (ST) | Enter the state or province name represented in the CSR. This is a required field. |
City (L) | Enter a city represented in the CSR. This is a required field. |
Organization (O) | Define the organization represented in the CSR. This is a required field. |
Organizational Unit (OU) | Enter the organization unit represented in the CSR. This is a required field. |
Common Name (CN) | If there is a common name (IP address) for the organizational unit issuing the certificate, enter it here. |
Email Address | Provide an email address used as the contact address for issues relating to this CSR. |
Domain Name | Enter a fully qualified domain name (FQDN): an unambiguous domain name that absolutely specifies the node's position in the DNS tree hierarchy. To distinguish an FQDN from a regular domain name, a trailing period is added – for example, somehost.example.com. An FQDN differs from a regular domain name by its absoluteness, as a suffix is not added. |
IP Address | Specify the IP address used as the destination for certificate requests. Only IPv4 formatted IP addresses are permitted. IPv6 formatted addresses are not permitted. |