Create and Generate a Certificate Signing Request

A certificate signing request (CSR) is a message from a requester to a certificate authority to apply for a digital certificate. The CSR is composed of a block of encrypted text generated on the server where the certificate will be used. It contains the organization name, common name (domain name), locality, and country.

An RSA key must be either created or applied to the certificate request before the certificate can be generated. A private key is not included in the CSR, but it is used to digitally sign the completed request. The certificate created with a particular CSR only works with the private key generated with it. If the private key is lost, the certificate is no longer functional. The CSR can be accompanied by other identity credentials required by the certificate authority, and the certificate authority maintains the right to contact the applicant for additional information.

If the request is successful, the CA sends an identity certificate digitally signed with the private key of the CA.

Use this procedure to create and generate a CSR.

Go to Devices and select the device to which you want to apply the new self-signed certificate.
Select the Certificates tab.

Select the Create CSR tab and configure the parameters as described in .


Parameter	Description
Create New Signing Request (CSR)
SSH RSA Key	Set the key used by both the controller or service platform and the server (or repository) of the target RSA key. Use the drop-down menu to select one of the following options: Generate New — Enter a Name to identify the RSA key. By default, the key size is 2,048 bits. Use Existing — Use the drop-down menu to select a RSA Key Name.
Certificate Subject Name
Certificate Subject Name	Use the drop-down menu to select one of the following options: User Configured — Enter the credentials of the CSR. Auto Generate — Automatically creates the CSR's subject credentials.
Country (C)	Define the country used in the CSR. This is a required field and must not exceed 2 characters.
State (ST)	Enter the state or province name used in the CSR. This is a required field.
City (L)	Enter a city to represent the city used in the CSR. This is a required field.
Organization (O)	Define the organization represented in the CSR. This is a required field.
Organizational Unit (OU)	Enter the organization unit represented in the CSR. This is a required field.
Common Name (CN)	If there is a common name (IP address) for the organizational unit issuing the certificate, enter it here.
Additional Credentials
Email Address	Provide an email address to be used as the contact address for issues relating to this CSR request. This is a required field.
Domain Name	Enter a fully qualified domain name (FQDN), which is an unambiguous domain name that absolutely specifies the node's position in the DNS tree hierarchy. To distinguish an FQDN from a regular domain name, a trailing period is added, for example, somehost.example.com.. An FQDN differs from a regular domain name by its absoluteness, as a suffix is not added. This is a required field.
IP Address	Specify the IP address used as the destination for certificate requests. Only IPv4 formatted IP addresses are permitted. IPv6 formatted addresses are not permitted. This is a required field.

Select Generate CSR to generate the CSR.

Note
If you exit Create CSR configuration without generating the CSR, configured settings will persist, but only until you log out.