Generate a Certificate Signing Request (CSR) for the Web Tier
Replacing the default RSA virtual host certificate is optional. You might need to replace this certificate for the following reasons:
Your network policy requires you to use certificates issued by a trusted root certificate authority (CA).
Your current certificate issued by a trusted root CA is expired.
You want to replace the default RSA certificate because your browser warns you that the default certificate is not trusted.
Before you can send a certificate signing request to a CA, you must generate the certificate signing request file in AM. AM generates the private key and certificate signing request.
Before you begin
You must be an Operations Console Administrator.
The virtual host must be defined.
Procedure
In the Operations Console, go to Deployment Configuration > Certificates > Virtual Host Certificate Management, and click Generate CSR.
On the Generate Virtual Host Certificate Signing Request page, do the following:
Confirm the Virtual Host name.
Enter an Alias.
(Optional) Enter a Country name
(Optional) Enter a State or Province name.
(Optional) Enter a City or Locality name.
(Optional) Enter an Organization name.
(Optional) Enter an Organizational Unit name.
(Optional) Enter an E-mail Address.
(Optional) Enter the Subject Alternate Name. The Subject Alternate Name (SAN) allows you to protect multiple fully qualified domain names (FQDNs) with a single certificate. You can enter one or more FQDNs as comma-separated values, for example, authservices.corp.com,authexample.com. The default value is the FQDN used by the AM administrative consoles.
(Optional) Select a Key Size from the drop-down list, for example, 4096. The default encryption key size is 2048.
Click Generate File.
On the Download File page, click Download.
Save the certificate request file to your local machine.
After you finish
Send the certificate request file to the CA for signing and save the signed certificate request file on your local machine.
Import the trusted root and signed certificates to the virtual host and activate them. See Import a Signed Virtual Host Certificate.
Related Articles
How to generate a Certificate Signing Request (CSR) with the Subject Alternative Name (SAN) field using openssl on RSA Aut… Number of Views Generate a Certificate Signing Request Using the Operations Console Number of Views How to generate a vettor certificate from a PKCS#10 (CSR) request Number of Views Add, Delete, and Test the Connection for an Identity Source in Cloud Access Service Number of Views Delete unwanted Certificate Signing Requests (CSR) from the RSA Authentication Manager Operations Console Certificate Mana… Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
