Before you begin
The following steps demonstrate how to create a request for an SSL certificate (CSR) using the XCA - X Certificate and key management application, copyright 2014 by Christian Hohnstädt, as an example of how to perform this task. You must make sure to use a certificate request generating application that is approved by your IT department. This procedure creates a file in a format for submitting the properties of your SSL certificate to the certificate authority. Your IT department must also approve the Public Certificate Authority to which you submit your request.
Open your certificate request
creating application, select the Certificate signing
requests tab if necessary, and click New
Request. The Create Certificate signing request screen appears.
Figure 1. New Certificate Signing Request Tab
In Signing request enter
The unstructured name is used by the certificate signing authority and may be set to your organization name.
Accept the defaults (SHA1 and [default]CA) unless they conflict with your IT policies and click the Subject tab.Figure 2. Create CSR Source Screen
In the Distinguished Name Properties
window, enter the following information:
- Internal name: This name is only used internally and does not appear in the certificate.
- organizationName: the name of your organization
- countryName: the country in which your organization is located
- organizationalUnitName: the name of your department within the organization
- stateOrProvinceName: the state in which your organization is located
- commonName: the domain name without https://. The domain name should be the site used to browse to the MAP Gateway UI.
- localityName: the city in which your organization is located
- emailAddress: Typically the address of the administrator of your organization.
- Private key: This drop-down list contains private keys that you have already generated. In this case, select New Key (RSA) which was generated in the Generating a Private Key section of this document. If you have not created a private key or wish to create a new one, click Generate a new key and follow the steps in Generating a Private Key in this document.
Figure 3. New CSR Subject Tab
Validity and Time range
sections to define time limits and valid ranges for your certificate. Click
Figure 4. New CSR Extensions Tab
The new certificate signing request
is now in your list of certificates with the internal name you assigned. Select
the certificate and click Export.
Figure 5. New CSR Created
Click the browse button, choose a
location for the new CSR file, and click OK. This file will be used to purchase
a certificate request from a Public Certificate Authority.
Figure 6. Certificate Request Export