CA API Gateway 9.1

9.4 9.1

Generate a Certificate Signing Request (CSR)

You can use a private key to generate a new PKCS#10 certificate signing request (CSR). This CSR is then saved to the local hard disk of the machine running the Policy Manager, in either binary (.p10) or Base64 PEM (.pem) format. You can then send this CSR to a certificate authority (CA) to apply for an actual certificate.
gateway
You can use a private key to generate a new PKCS#10 certificate signing request (CSR). This CSR is then saved to the local hard disk of the machine running the Policy Manager, in either binary (
.p10) or Base64 PEM (
.pem) format. You can then send this CSR to a certificate authority (CA) to apply for an actual certificate.
Many CAs allow you to apply for a certificate by uploading a CSR file through a Web page.
To generate a certificate signing request: 
  1. In the Policy Manager, select
    [Tasks] > Certificates, Keys, and Secrets > Manage Private Keys
     from the Main Menu. The Manage Private Keys dialog appears.
  2. Select the private key to be used to generate the CSR and then click [
    Properties
    ]. The Private Keys Properties dialog appears.
  3. Click [
    Generate CSR
    ] in the 
    Other Actions
     section. You are prompted to provide a subject DN for the CSR. The current subject DN is offered as a default.
  4. Enter the 
    CSR Subject (DN)
    . This is presented to the requestor and it specifies the owner of the initial self-signed certificate. It should be in the form of an X.509 subject. For example:
    CN=ssl.ca.com, O="CA Technologies, Inc", L=Vancouver, ST=British Columbia, C=CA
    Note that fields with commas must be enclosed in quotes.
    Some certificate authorities require specifically formatted subject DN attributes to be present in the CSR. This may include attributes such as “Country,” “State,” “Locality,” or “Organization.” Verify which subject DN attributes are necessary from the issuing organization.
  5. Choose the 
    Signature hash
     to use from the drop-down list. The following options are available:
    • Auto (default)
       
    • SHA-1
       
    • SHA-256
       
    • SHA-384
       
    • SHA-512
  6. Click [
    OK
    ]. You are prompted for a location to save the file.
  7. Navigate to the destination and then click [
    Save
    ]. Note that by default, the file is saved as a Base64 PEM file; you can change this to PKCS #10 format if necessary.

Content feedback and comments