Creating a Certificate Signing Request

A certificate signing request (CSR) tells an external Certificate Authority (CA) that you want an SSL certificate generated and signed by that CA. The SSL certificate can then be uploaded to KeyControl and used in place of the default self-signed certificate.

When you use KeyControl to create the CSR, KeyControl creates a key pair and uses that key pair in conjunction with the information you specify to create the CSR. KeyControl then encrypts the key pair and stores it for later use.

You can use the resulting CSR to generate an SSL certificate from the external CA you want to use. After you receive the SSL certificate from that external CA, you can upload it to KeyControl. Because the key pair already exists on the system, you do not need to upload anything else.

If you create the CSR outside of KeyControl, you need to upload both the SSL certificate and the matching private key file when you install the certificate on KeyControl.

  1. Log into the KeyControl webGUI on any node in the cluster using an account with Domain Admin privileges.
  2. In the top menu bar, click Cluster.
  3. Click the Servers tab and select a KeyControl node.
  4. Select Actions > Create CSR.

  5. In the Generate Certificate Signing Request dialog box, specify the options you want to use.

    ClosedOptions

    Field

    Description
    Common Name The name to associate with this request. By default, KeyControl enters the selected server name in this field. You can edit the default name as needed.

    Locality

    The locale to associate with this request.
    State The state to associate with this request.

    Subject Alternative Names

    The host names that will be protected by this certificate. If you want to use the same certificate on multiple KeyControl nodes in the system, add all of the KeyControl URLs to this list.

    By default, KeyControl adds the URL of the selected KeyControl node. You can change or delete the default URL as long as you end up specifying at least one KeyControl node in this field.
    Country The country to associate with this request. The default is US.
    Organization

    The organization to associate with this request.

    Organization Unit

    		 The organizational unit associate with this request.
  6. Click Generate.
  7. When you receive the message that KeyControl has created the CSR, click Download to save a copy of the CSR to your browser's default download directory or click Preview to view the CSR in a pop-up window. You can copy the CSR from the Preview window to the clipboard if desired.
  8. Use the CSR to request an SSL certificate from the external Certificate Authority you want to use. How you do this depends on the CA you are using.

What to Do Next 

After you receive the SSL certificate from the external CA, install it on KeyControl as described in Installing a New External Certificate.

 

HyTrust DataControl v 4.2.1

Copyright © 2018 HyTrust, Inc. All Rights Reserved.

Follow us: