If you wish to create a certificate for Access Manager you will first need a Certificate Server Request (CSR). The CSR is a file that contains the vital information and encryption details, when provided to a Certificate Authority (CA) the CSR is used to create a trusted server certificate which can be applied to Access Manager to prove to connecting users that the server is trusted.
The CSR can be created during the Access Manager installation, if you skipped this however, or you would like to change the details, you'll need to generate a new key and self signed certificate.
1. Log into Access Manager as admin and go to Configuration > SSL and expand the "Upload Keys and Certificates" section, select the option "Generate Key + Certificate". If you have already generated your server key during installation select "Download CSR" and go to step 4.
2. To create the CSR you will need to complete all of the requested fields
- Subject Alternative Name (SAN): The fully-qualified domain name you're securing (e.g www.hypersocket.com). Click Add to add the SAN. You may have an existing IP entry in the list, remove this.
- Common Name (CN): The fully-qualified domain name you're securing. This is now a deprecated field, so if you have set a Subject Alternative Name, you should technically be able leave this blank. However for legacy reasons, it is a good idea to enter the hostname again in this field (e.g www.hypersocket.com).
- Organisational Unit (OU): If applicable, enter the organisational unit or company department responsible for this server.
-
Organisation (O): The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requester’s name.
-
City or Locality (L): Name of the city where your organisation is registered/located. Do not abbreviate.
-
State or Province (ST): Name of the state or province where your organisation is located. Do not abbreviate.
-
Two digit country code (C): The two-letter International Organisation for Standardisation (ISO) format country code for where your organisation is legally registered.
- Key Size: The bit length of the private key (keep as default 2048).
- Subject Alternative Name (SAN): The fully-qualified domain name you're securing (e.g www.hypersocket.com). Click Add to add the SAN. You may have an existing ip: entry in the list, remove this.
- Common Name (CN): The fully-qualified domain name you're securing. This is now a deprecated field, so if you have set a Subject Alternative Name, you should technically be able leave this blank. However for legacy reasons, it is a good idea to enter the hostname again in this field (e.g www.hypersocket.com).
- Organisational Unit (OU): If applicable, enter the organisational unit or company department responsible for this server.
-
Organisation (O): The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requester’s name.
-
City or Locality (L): Name of the city where your organisation is registered/located. Do not abbreviate.
-
State or Province (ST): Name of the state or province where your organisation is located. Do not abbreviate.
-
Two digit country code (C): The two-letter International Organisation for Standardisation (ISO) format country code for where your organisation is legally registered.
- Key Size: The bit length of the private key (keep as default 2048).
Select Finish once information entry is complete, the SSL Server Key will be created and the service must be restarted for it to be applied correctly.
3. After the service restart completes and the SSL Server Key have been applied return to Configuration > SSL and expand the “Upload Keys and Certificates” section again, now select the “Download CSR” option.
4. Click Continue and then 'Download', save the file to a safe location
