Certificate Signing Request (CSR) - Metasys - LIT-12011964 - Software Application - System Configuration Tool - 16.0

SCT: System Configuration Tool Help

Brand: Metasys
Product name: System Configuration Tool
Document type: User Guide
Document number: LIT-12011964
Version: 16.0
Revision date: 2023-10-02
Language: English

Menu Selection: Tools > Certificate Management

SCT can generate a certificate signing request (CSR) on behalf of a network engine. However, SCT cannot act as a certificate authority (CA) for signing certificates. Requesting a certificate is a multi-step process that involves specifying the following information:

  • common name
  • email address
  • name of organization
  • name of organizational unit
  • city
  • state or province
  • name of country

The CSR steps are different depending on the device type: server or network engine.

Summary of Steps for Metasys Server:

  1. Use the Windows operating system of the Metasys server to create a CSR and an associated private key.
  2. Send the CSR for the server to the internal IT department or CA for signing. The internal IT department or CA returns the signed certificate file.
  3. Use IIS Manager on the Metasys server to complete the CSR, which includes importing the certificate.
  4. Use IIS Manager to bind the certificate to the server.
  5. Export all certificate files and store them in a safe and secure location in case you need to re-import them.

Note: If the Metasys Server and Metasys UI are installed on the same computer, they share the same certificate.

Summary of Steps for Network Engine:

  1. Verify that the device name in the SCT archive and the subject common name for the device match.
  2. Use SCT to create a CSR and an associated private key for each network engine. See Requesting a Certificate.
  3. Send the CSR for each engine to the internal IT department or CA for signing. The internal IT department or CA returns the signed certificate files.
  4. Import the signed certificate files for each network engine into the SCT archive. See Importing a Certificate.
    Note: You need to import the root certificate, the server certificate, and an intermediate certificate file (if provided). The combination of one root certificate, one or more intermediate certificates, and one server certificate is known as a certificate chain. The certificate chain must be complete for both the server and each network engine to successfully configure a site.

    The CSR is complete and SCT removes the certificate request from the Requests table. The private key that SCT previously created is paired with the imported certificate.

  5. Export all certificate files and store them in a safe and secure location in case you need to re-import them. See Exporting a Certificate.

Note: You cannot request a CSR for a device if an existing CSR is still pending. You must delete the existing CSR first.

Important: The private key that is generated when the CSR is created can be associated with the new certificate only if the device name in the SCT archive and the subject common name for the device match. Therefore, before requesting a device CSR, verify that the device name is correct. If not, the newly purchased certificate could be worthless because of the device name mismatch. A common mistake is to forget to include the company domain name with the CSR. No workaround is available that can recover the use of the new certificate.
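
The name check in the Important note can be run on the CSR file before it is sent for signing, and the key pairing can be confirmed on the signed file before import. The following is an added example, not part of the SCT documentation; it assumes the CSR and the returned certificate are PEM files on a workstation with the openssl command line tool, and the device names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-submission and pre-import checks with the openssl CLI.
# Device names and file names used with these functions are placeholders.

# Print the subject common name (CN) of a PEM-encoded CSR.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Compare the CSR's CN with the device name recorded in the SCT archive.
# Returns 0 on an exact match, 1 on a mismatch, and 2 when the names match
# but have no domain part (the page calls a missing domain a common mistake).
check_csr_cn() {
    cn=$(csr_common_name "$1")
    if [ "$cn" != "$2" ]; then
        echo "MISMATCH: CSR CN='$cn' device name='$2'" >&2
        return 1
    fi
    case "$cn" in
        *.*) return 0 ;;
        *)   echo "REVIEW: '$cn' has no domain part" >&2; return 2 ;;
    esac
}

# Confirm that a signed certificate carries the same public key as the CSR,
# so it pairs with the private key that was created alongside that CSR.
cert_matches_csr() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 1
    [ "$cert_pub" = "$csr_pub" ]
}

# Constructed sample input: a throwaway key and CSR for a made-up engine name.
# Usage: make_sample_csr DIR BASENAME COMMON_NAME
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" \
        -out "$1/$2.csr" -subj "/C=US/O=Example Corp/CN=$3" 2>/dev/null
}
```

The comparison is an exact string match, which is an assumption about how strictly the names must agree; treat any difference, including letter case, as something to resolve before submitting the request.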