Creating a Certificate Signing Request

A certificate signing request (CSR) tells an external Certificate Authority (CA) that you want an SSL certificate generated and signed by that CA. The SSL certificate can then be uploaded to KeyControl Compliance Manager and used in place of the default self-signed certificate.

When you use KeyControl Compliance Manager to create the CSR, KeyControl Compliance Manager creates a key pair and uses that key pair in conjunction with the information you specify to create the CSR. KeyControl Compliance Manager then encrypts the key pair and stores it for later use.

You can use the resulting CSR to generate an SSL certificate from the external CA you want to use. After you receive the SSL certificate from that external CA, you can upload it to KeyControl Compliance Manager. Because the key pair already exists on the system, you do not need to upload anything else.

If you create the CSR to generate an SSL certificate to be installed for internal web server, you must include the IP address of the KeyControl Compliance Manager node in Subject Alternative Name.

If you create the CSR outside of KeyControl Compliance Manager, you need to upload both the SSL certificate and the matching private key file when you install the certificate on KeyControl Compliance Manager.

  1. Log into the KeyControl Compliance Manager webGUI with your standard account credentials.
  2. In the top right, click the Switch to Appliance Management link.
  3. In the top menu bar, click Cluster.
  4. Click the Servers tab and select a KeyControl Compliance Manager node.
  5. Select Actions > Create CSR.

  6. In the Generate Certificate Signing Request dialog box, specify the options you want to use.

    Field

    Description
    Common Name The name to associate with this request. By default, KeyControl Compliance Manager enters the selected server name in this field. You can edit the default name as needed.

    Locality

    The locale to associate with this request.
    State The state to associate with this request.

    Subject Alternative Names

    The host names that will be protected by this certificate. If you want to use the same certificate on multiple KeyControl Compliance Manager nodes in the system for the external web server, add all of the KeyControl Compliance Manager URLs to this list.

    By default, KeyControl Compliance Manager adds the URL of the selected KeyControl Compliance Manager node. You can change or delete the default URL as long as you end up specifying at least one KeyControl Compliance Manager node in this field.

    Key Size

    Select the key size that you want to use. The default is 4096 bytes.

    Country The country to associate with this request. The default is US.
    Organization

    The organization to associate with this request.

    Organization Unit

    		 The organizational unit associate with this request.
  7. Click Generate.
  8. When you receive the message that the CSR has been created, click Download to save a copy of the CSR to your browser's default download directory or click Preview to view the CSR in a pop-up window. You can copy the CSR from the Preview window to the clipboard if desired.
  9. Use the CSR to request an SSL certificate from the external Certificate Authority you want to use. How you do this depends on the CA you are using.