Creating a Certificate Signing Request

A certificate signing request (CSR) tells an external Certificate Authority (CA) that you want an SSL certificate generated and signed by that CA. The SSL certificate can then be uploaded to Cryptographic Security Platform Compliance Manager and used in place of the default self-signed certificate.

When you use Cryptographic Security Platform Compliance Manager to create the CSR, Cryptographic Security Platform Compliance Manager creates a key pair and uses that key pair in conjunction with the information you specify to create the CSR. Cryptographic Security Platform Compliance Manager then encrypts the key pair and stores it for later use.

You can use the resulting CSR to generate an SSL certificate from the external CA you want to use. After you receive the SSL certificate from that external CA, you can upload it to Cryptographic Security Platform Compliance Manager. Because the key pair already exists on the system, you do not need to upload anything else.

If you create the CSR to generate an SSL certificate to be installed for internal web server, you must include the IP address of the Cryptographic Security Platform Compliance Manager node in Subject Alternative Name.

If you create the CSR outside of Cryptographic Security Platform Compliance Manager, you need to upload both the SSL certificate and the matching private key file when you install the certificate on Cryptographic Security Platform Compliance Manager.

  1. Log into the Cryptographic Security Platform Compliance Manager webGUI with your standard account credentials.
  2. In the top right, click the Switch to Appliance Management link.
  3. In the top menu bar, click Cluster.
  4. Click the Servers tab and select a Cryptographic Security Platform Compliance Manager node.
  5. Select Actions > Create CSR.

  6. In the Generate Certificate Signing Request dialog box, specify the options you want to use.

    Field

    Description
    Common Name The name to associate with this request. By default, Cryptographic Security Platform Compliance Manager enters the selected server name in this field. You can edit the default name as needed.

    Locality

    The locale to associate with this request.
    State The state to associate with this request.

    Subject Alternative Names

    The host names that will be protected by this certificate. If you want to use the same certificate on multiple Cryptographic Security Platform Compliance Manager nodes in the system for the external web server, add all of the Cryptographic Security Platform Compliance Manager URLs to this list.

    By default, Cryptographic Security Platform Compliance Manager adds the URL of the selected Cryptographic Security Platform Compliance Manager node. You can change or delete the default URL as long as you end up specifying at least one Cryptographic Security Platform Compliance Manager node in this field.

    Key Size

    Select the key size that you want to use. The default is 4096 bytes.

    Country The country to associate with this request. The default is US.
    Organization

    The organization to associate with this request.

    Organization Unit

    		 The organizational unit associate with this request.
  7. Click Generate.
  8. When you receive the message that the CSR has been created, click Download to save a copy of the CSR to your browser's default download directory or click Preview to view the CSR in a pop-up window. You can copy the CSR from the Preview window to the clipboard if desired.
  9. Use the CSR to request an SSL certificate from the external Certificate Authority you want to use. How you do this depends on the CA you are using.