SCT can generate a certificate signing request (CSR) on behalf of a network engine. However, SCT cannot act as a certificate authority (CA) for signing certificates. Requesting a certificate is a multi-step process that involves specifying the following information:
- common name
- email address
- name of organization
- name of organizational unit
- state or province
- name of country
The CSR steps are different depending on the device type: server or network engine.
Summary of Steps for Metasys Server:
- Use the Windows operating system of the Metasys server to create a CSR and an associated private key.
- Send the CSR for the server to the internal IT department or CA for signing. The internal IT department or CA returns the signed certificate file.
- Use IIS Manager on the Metasys server to complete the CSR, which includes importing the certificate.
- Use IIS Manager to bind the certificate to the server.
- Export all certificate files and store them in a safe and secure location in case you need to re-import them.
Summary of Steps for Network Engine:
- Verify that the device name in the SCT archive and the subject common name for the device match.
- Use SCT to create a CSR and an associated private key for each network engine. See Requesting a Certificate.
- Send the CSR for each engine to the internal IT department or CA for signing. The internal IT department or CA returns the signed certificate files.
- Import the signed certificate files for each network engine into the SCT archive. See Importing a Certificate.
Note: You need to import the root certificate, the server certificate, and an intermediate certificate file (if provided). The combination of one root certificate, one or more intermediate certificates, and one server certificate is known as a certificate chain. The certificate chain must be complete for both the server and each network engine to successfully configure a site.
The CSR is complete and SCT removes the certificate request from the Requests table. The private key that SCT previously created is paired with the imported certificate.
- Export all certificate files and store them in a safe and secure location in case you need to re-import them. See Exporting a Certificate.