To generate a Certificate Signing Request (CSR) for IChain 2.3, please follow the steps below:
- In the browser-based management tool, click Home > Certificate Maintenance > Create.
- Specify an appropriate name for the certificate.
- Type an appropriate subject name.
- Click the Signature Algorithm drop-down list, then select the algorithm you want to use (ex. SHA-1).
- Click the RSA Key Size drop-down list, then select the RSA key size that you want to use (2048 bit)
- Click Use External Certificate Authority.
The external certificate authority sets the validity period. You cannot set it using the Validity period option.
- Type a name for the Organizational Unit.
This is used to describe departments or divisions.
- Type a name for the Organization.
This is used to differentiate between organizational divisions.
- Type the city or town where your organization does business.
This is commonly referred to as the Locality.
- Type the non-abbreviated name of the state or province where the organization does business.
This is commonly referred to as the State.
- Type the International Standards Organization (ISO) country code for the country where the organization does business.
This is commonly referred to as the Country and must be a valid, two-character ISO country code.
- Click OK.
- Look at the Action and Status fields.
The Action field should have red arrows on the left and the word Request displayed on a green background. The Status should be Building.
The red arrows and green background indicate that you need to click Apply.
- Click Apply.
If any errors occur during the certificate request process, they are displayed in the Error field on a red background.
- If an error occurs, click Modify.
- In the Modify Certificate dialog box, make the changes necessary to resolve the errors, click OK.
- Click Apply and repeat the modification process until the Status field displays the words CSR in Progress on a yellow background.
As you create certificates on the appliance, you should observe the following guidelines:
- Identify the caching service for which the certificate will be used.
- Pick a name for the certificate that you will easily associate with its corresponding caching service. The name must contain only alphanumeric characters and no spaces. For example, you might pick Foo for the name of the foo.gov Web server accelerator or Marketing for the transparent service in the marketing department.
- Choose the subject name that the browser expects to find in the certificate.
- For accelerator services, the Subject Name field must contain the DNS name, with the fields separated by periods (.).
For example, the www.yourdomain.com Web server accelerator certificate must have a Subject Name of www.yourdomain.com.