Description
To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match and a replacement has to be made.
Generate a Certificate Request
NOTE:A key length of 1024 bit is the default, but Geotrust recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.
Create a new certificate request using the Configuration utility.
To connect to the Configuration Utility: in a browser, enter the administrative IP address of the BIG-IP device: https://<IP-Address>
- A Security Alert dialog box appears, click Yes
- The authentication dialog box appears
- Enter user name and password
- Click OK
- The Welcome screen opens.
- In the navigation pane, click Proxies > Create SSL Certificate Request tab
- In the Key Information section, select a key length and key file name
- In the Certificate Information section, enter the following information
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.
Example: XYZ Corporation - Organizational Unit (OU): This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.
- Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
Geotrust certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".Please do not enter your email address, challenge password or an optional company name when generating the CSR.
- Click Generate Certificate Request
- In the SSL Certificate Request screen, start the process of obtaining a certificate from Geotrust.
- Click on the URL for the Geotrust SSL certificate product to obtain a certificate for the server.