Creating a certificate signing request

Content Platform for Cloud Scale Administration Guide

Version
2.6.x
File Size
1950 KB
Audience
anonymous
Part Number
MK-HCPCS008-11

You can create a CSR using the Admin App or a third-party tool. When you use the Admin App, the system securely stores the private key needed for installing the returned certificate, so you don’t need to save the key yourself.

Verify what information is required with the certificate authority (CA) that you plan to use.

Admin App instructions

  1. Select Dashboard > Configuration.
  2. Click Certificates.
  3. Select the System tab.
  4. Click Update System Certificate.
  5. Select the CSR window.
  6. Choose Generate a new certificate signing request and click Continue.
  7. Fill in the following as needed:
    • In the Common Name (CN) box, type the cluster name or an asterisk (*) followed by the DNS name of the system (for example, cluster.company.com or *.company.com).

      Common Name (CN) is required.

    • In the Organizational Unit (OU) box, type the name of the organizational unit that uses the system (for example, the name of a division or a name under which the company does business).
    • In the Organization (O) box, type the full legal name of the organization.
    • In the Location (L) box, type the name of the city in which the organization's headquarters are located.
    • In the State/Province (ST) box, type the full name of the state or province in which the organization's headquarters are located.
    • In the Country (C) box, type the two-letter ISO 3166-1 abbreviation for the country in which the organization's headquarters are located (for example, US for the United States).
    • In the Subject Alternate Name box, type cluster.dns *.cluster.dns, where cluster is the name of your HCP for cloud scale cluster.

      For example: cluster.company.com *.cluster.company.com

      Subject Alternative Name is required for Chrome browsers.
      Note: The System Management application supports a single SAN, so arrange with your CA to include two SANs in the final signed certificate.
  8. Click Generate CSR.
    The page displays the generated certificate request.
  9. Copy and paste the request text into a file and send that file to the CA.