Generate a Certificate Signing Request (CSR) for the Web Tier
Replacing the default RSA virtual host certificate is optional. You might need to replace this certificate for the following reasons:
Your network policy requires you to use certificates issued by a trusted root certificate authority (CA).
Your current certificate issued by a trusted root CA is expired.
You want to replace the default RSA certificate because your browser warns you that the default certificate is not trusted.
Before you can send a certificate signing request to a CA, you must generate the certificate signing request file in AM. AM generates the private key and certificate signing request.
Before you begin
You must be an Operations Console Administrator.
The virtual host must be defined.
Procedure
In the Operations Console, go to Deployment Configuration > Certificates > Virtual Host Certificate Management, and click Generate CSR.
On the Generate Virtual Host Certificate Signing Request page, do the following:
Confirm the Virtual Host name.
Enter an Alias.
(Optional) Enter a Country name
(Optional) Enter a State or Province name.
(Optional) Enter a City or Locality name.
(Optional) Enter an Organization name.
(Optional) Enter an Organizational Unit name.
(Optional) Enter an E-mail Address.
(Optional) Enter the Subject Alternate Name. The Subject Alternate Name (SAN) allows you to protect multiple fully qualified domain names (FQDNs) with a single certificate. You can enter one or more FQDNs as comma-separated values, for example, authservices.corp.com,authexample.com. The default value is the FQDN used by the AM administrative consoles.
(Optional) Select a Key Size from the drop-down list, for example, 4096. The default encryption key size is 2048.
Click Generate File.
On the Download File page, click Download.
Save the certificate request file to your local machine.
After you finish
Send the certificate request file to the CA for signing and save the signed certificate request file on your local machine.
Import the trusted root and signed certificates to the virtual host and activate them. See Import a Signed Virtual Host Certificate.
Related Articles
Web-Tier Deployments Number of Views How to generate a Certificate Signing Request (CSR) with the Subject Alternative Name (SAN) field using openssl on RSA Aut… Number of Views XudaInstanceOf failed to get xuda_cert_req object! result = 48 Number of Views Generate a Certificate Signing Request Using the Operations Console Number of Views Program Error: 'req-authorize.xuda: Line 518: [XrcNOTFOUND] unable to locate requested member or object. Unable to sign ce… Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
