Generate a Certificate Signing Request (CSR) for the Web Tier

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Feb 12, 2018
Version 3Show Document
  • View in full screen mode

Replacing the default RSA virtual host certificate is optional. You might need to replace this certificate for the following reasons:

  • Your network policy requires you to use certificates issued by a trusted root certificate authority (CA).

  • Your current certificate issued by a trusted root CA is expired.

  • You want to replace the default RSA certificate because your browser warns you that the default certificate is not trusted.

Before you can send a certificate signing request to a CA, you must generate the certificate signing request file in Authentication Manager. Authentication Manager generates the private key and certificate signing request.

Before you begin 

  • You must be an Operations Console Administrator.

  • The virtual host must be defined.


  1. In the Operations Console, go to Deployment Configuration > Certificates > Virtual Host Certificate Management, and click Generate CSR.

  2. On the Generate Virtual Host Certificate Signing Request page, do the following:

    1. Confirm the Virtual Host name.

    2. Enter an Alias.

    3. (Optional) Enter a Country name

    4. (Optional) Enter a State or Province name.

    5. (Optional) Enter a City or Locality name.

    6. (Optional) Enter an Organization name.

    7. (Optional) Enter an Organizational Unit name.

    8. (Optional) Enter an E-mail Address.

    9. (Optional) Enter the Subject Alternate Name. The Subject Alternate Name (SAN) allows you to protect multiple fully qualified domain names (FQDNs) with a single certificate. You can enter one or more FQDNs as comma-separated values, for example,, The default value is the FQDN used by the Authentication Manager administrative consoles.

    10. (Optional) Select a Key Size from the drop-down list, for example, 4096. The default encryption key size is 2048.

  3. Click Generate File.

  4. On the Download File page, click Download.

  5. Save the certificate request file to your local machine.

After you finish 

  • Send the certificate request file to the CA for signing and save the signed certificate request file on your local machine.

  • Import the trusted root and signed certificates to the virtual host and activate them. See Import a Signed Virtual Host Certificate.