Certificate Signing Requests

Key Manager Plus enables users to generate Certificate Signing Requests (CSRs) directly within its interface and utilize them to request certificates from any public Certificate Authority. Additionally, Key Manager Plus provides robust management capabilities for CSRs, including import, export, and deletion functionalities. This ensures efficient handling and security of certificate requests throughout the lifecycle.

At the end of this help document you will have learned about generating and managing the CSRs from the Key Manager Plus interface.

1. Generating a CSR from Key Manager Plus

The following steps explain in detail on how to generate a CSR directly from the Key Manager Plus interface:

Navigate to SSL >> CSR. Here, you will see all the available CSRs in a list view and their details such as Domain Name, Created By, Created Time, Key Size, Key Algorithm, etc.

Click Create to generate a new CSR. In the new window that opens, enter the following:

  1. Choose between Create CSR or Create CSR from KeyStore.
  2. If you choose to Create CSR from KeyStore, select the KeyStore file, enter the Private Key Password of the selected KeyStore, the Expiry Notification Email and click Create.
  3. If you choose to Create CSR manually, follow the below steps:
    1. Specify the required details such as Common Name, SAN, Organization Unit, Organization, Location, State, Country, and Email Address.

      Note: You can also fill in the CSR details using the available templates from the Choose From Template option. Click Manage CSR Templates to manage the required sets of CSR templates.

    2. Select the Key Algorithm, Key Size, Signature Algorithm, and KeyStore Type.
    3. Choose a Validity Type (Days, Hours, or Minutes) and mention the Validity.
    4. Enter the Store Password and the Expiry Notification Email address.
    5. Select the Sign Type and enter the required details.

      Notes:
      If you are a user with the operator role, tick the checkbox Already approved by the administrator to sign certificates and select the administrators to notify.
      Do not select the Sign Type if you opt to sign your CSR later. To know more about signing the CSR later, click here.

    6. Click Create. You will be redirected to a CSR window where the CSR content is displayed.
    digicert-6

If you are willing to use the KeyStore file from an SSL certificate present in the Key Manager Plus repository, do the steps that follow:

  1. Navigate to the SSL >> Certificates tab.
  2. Select the SSL certificate from which the KeyStore is to be used for creating a CSR and select Create CSR under the More option in the top pane.
  3. In the pop-up that opens, you can add an expiry notification email.
  4. Now, click Create to create the CSR from the KeyStore which is available in your Key Manager Plus repository.

You have successfully created a CSR and it has been added to the list view. The CSR will be assigned to the user who created it.

Note:
The Administrator can grant access to allow an operator to sign the CSR.
To grant access, navigate to Settings >> SSL >> Operator Settings, select Allow/Deny Certificate Signing Permission for the operator globally, and click Save.

Note:
(Applicable from build 5920 onwards)
Apart from having a wildcard certificate name in the Common Name field, you can add the wildcard name in the SAN field while creating a CSR. With wildcard certificates, one can secure an unlimited number of subdomains for a registered base domain. For example, consider the base-domain zoho.com, a wildcard certificate for *.zoho.com can secure any subdomain.zoho.com. The asterisk (*) is the wildcard that corresponds to any valid subdomain.


2. Managing the CSRs from Key Manager Plus

  1. Show Passphrase - The show passphrase icon corresponding to every CSR allows administrators to view the Keystore passwords of respective CSR files.
  2. Export - You can export and mail the CSR to a specified mail ID by using the icons in the CSR displayed in the list view.
  3. Besides generating CSRs from Key Manager Plus, you can also upload CSRs generated from outside the application and track their statuses from Key Manager Plus using the Import option in the top menu. If you choose to import a CSR, click Import. In the pop-up that appears:
    1. Click Browse to Select a CSR file and Select a Key file.
    2. Enter the Private Key Password and click Import.
    Your CSR has been successfully imported and can be viewed in the list view. Key Manager Plus automatically pins the certificate file with its corresponding private key and adds it to its centralized repository.
  4. Delete - To Delete a CSR, select the CSR you wish to delete and click Delete. In the pop-up that appears, click Ok. You have now successfully deleted the selected CSR.
  5. CSR Template - Click CSR Template to add, delete, or manage the templates. These templates after generated can be used while generating CSRs.
    manage-ssl-csr-view
Top