Generate a Certificate Signing Request Using the Operations Console

To replace a console certificate with a certificate by a third-party certificate authority (CA), you must generate a certificate signing request (CSR) and submit it to the CA. You may need to replace the console certificate for any of the following reasons:

  • Your network policy requires that you use certificates issues by another CA.

  • Your existing certificate is expired.

  • You submit a CSR to a CA to obtain a signed certificate. Use the Operations Console to generate a CSR.

Before you begin

  • You must be an Operations Console administrator.

  • Consult your CA to ensure that you have all of the required information for the CSR.


  1. In the Operations Console, click Deployment Configuration > Certificates > Console Certificate Management.

  2. In the Console Certificate Management page, click Generate CSR.

  3. In the Generate Certificate Signing Request page, under Certificate Basics, enter the requested information.

    Depending on your CA, you are asked to supply some or all of the following information:

    • (Required) Alias. The name of this certificate. This name appears underAliason the Console Management page. Only a-z, A-Z, space, and comma characters are allowed.

    • Country Name. The country where your organization is located. The value supplied to your CA is the two-letter country code.

    • State or Province Name. The state or province where your organization is located.

    • City or Locality Name. The city or town where your organization is located.

    • Organization Name. The legal name of your organization.

    • Organizational Unit Name. The division of your organization that is ordering the certificate, for example, engineering, accounting, marketing, and so on.

    • E-mail Address. An official e-mail address for verification, for example,

    • Subject Alternate Name. The Subject Alternate Name (SAN) allows you to protect multiple fully qualified domain names (FQDNs) with a single certificate. You can enter one or more FQDNs as comma-separated values, for example,, The default value is the FQDN used by the Authentication Manager administrative consoles.

    • Key Size. The encryption key size, for example, 4096. The default value is 2048.

  4. Click Generate File.

  5. In the Download File page, click Download.

  6. Follow the browser prompts to save the CSR file.

  7. In the Download File page, click Done.

After you finish

  • Send the certificate request file to the CA for signing and save the signed certificate request file on your local machine.

  • Import the trusted root and signed certificates and activate them. See Import a Console Certificate.

Related Concepts

Console Certificate