CA API Gateway 9.1

9.4 9.1

Generate a Certificate Signing Request (CSR)

You can use a private key to generate a new PKCS#10 certificate signing request (CSR). This CSR is then saved to the local hard disk of the machine running the Policy Manager, in either binary (.p10) or Base64 PEM (.pem) format. You can then send this CSR to a certificate authority (CA) to apply for an actual certificate.
gateway83
You can use a private key to generate a new PKCS#10 certificate signing request (CSR). This CSR is then saved to the local hard disk of the machine running the Policy Manager, in either binary (
.p10) or Base64 PEM (
.pem) format. You can then send this CSR to a certificate authority (CA) to apply for an actual certificate.
Many CAs allow you to apply for a certificate by uploading a CSR file through a Web page.
To generate a certificate signing request: 
  1. In the Policy Manager, select [
    Tasks
    ] > 
    Manage Private Keys
     from the Main Menu. The Manage Private Keys dialog appears.
  2. Select the private key to be used to generate the CSR and then click [
    Properties
    ]. The Private Keys Properties dialog appears.
  3. Click [
    Generate CSR
    ] in the 
    Other Actions
     section. You are prompted to provide a subject DN for the CSR. The current subject DN is offered as a default.
  4. Enter the 
    CSR Subject (DN)
    . This specifies the owner of the initial self-signed certificate and should be in the form of an X.509 subject. For example:
    CN=ssl.layer7tech.com, O="Layer 7 Technologies, Inc", L=Vancouver, ST=British Columbia, C=CA
    Fields that contain commas must be enclosed in quotes, as shown in the above example.
  5. Choose the 
    Signature hash
     to use from the drop-down list. The following options are available:
    • Auto (default)
       
    • SHA-1
       
    • SHA-256
       
    • SHA-384
       
    • SHA-512
      Selecting "Auto" duplicates the automatic signature hash selection that occurred in versions prior to 7.1. With this setting, the
      API Gateway
       uses the 
      com.l7tech.security.cert.alwaysSignWithSha1
       system property to determine the hash.
     
  6. Click [
    OK
    ]. You are prompted for a location to save the file.
  7. Navigate to the destination and then click [
    Save
    ]. Note that by default, the file is saved as a Base64 PEM file; you can change this to PKCS #10 format if necessary.

Content feedback and comments