Generate a Certificate Signing Request (CSR) for the Web Tier
Replacing the default RSA virtual host certificate is optional. You might need to replace this certificate for the following reasons:
Your network policy requires you to use certificates issued by a trusted root certificate authority (CA).
Your current certificate issued by a trusted root CA is expired.
You want to replace the default RSA certificate because your browser warns you that the default certificate is not trusted.
Before you can send a certificate signing request to a CA, you must generate the certificate signing request file in AM. AM generates the private key and certificate signing request.
Before you begin
You must be an Operations Console Administrator.
The virtual host must be defined.
Procedure
In the Operations Console, go to Deployment Configuration > Certificates > Virtual Host Certificate Management, and click Generate CSR.
On the Generate Virtual Host Certificate Signing Request page, do the following:
Confirm the Virtual Host name.
Enter an Alias.
(Optional) Enter a Country name
(Optional) Enter a State or Province name.
(Optional) Enter a City or Locality name.
(Optional) Enter an Organization name.
(Optional) Enter an Organizational Unit name.
(Optional) Enter an E-mail Address.
(Optional) Enter the Subject Alternate Name. The Subject Alternate Name (SAN) allows you to protect multiple fully qualified domain names (FQDNs) with a single certificate. You can enter one or more FQDNs as comma-separated values, for example, authservices.corp.com,authexample.com. The default value is the FQDN used by the AM administrative consoles.
(Optional) Select a Key Size from the drop-down list, for example, 4096. The default encryption key size is 2048.
Click Generate File.
On the Download File page, click Download.
Save the certificate request file to your local machine.
After you finish
Send the certificate request file to the CA for signing and save the signed certificate request file on your local machine.
Import the trusted root and signed certificates to the virtual host and activate them. See Import a Signed Virtual Host Certificate.
Related Articles
Generate a Certificate Signing Request Using the Operations Console Number of Views How to generate a Certificate Signing Request (CSR) with the Subject Alternative Name (SAN) field using openssl on RSA Aut… Number of Views Delete unwanted Certificate Signing Requests (CSR) from the RSA Authentication Manager Operations Console Certificate Mana… Number of Views How to generate a vettor certificate from a PKCS#10 (CSR) request Number of Views What is the Change Request Pending Submission State in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
