Create a new signing request

Procedure

1. Go to Admin → Certificate Management → Signing Requests.
2. Click New.
3. Fill out the General section to specify CSR information used in the SMS and to create the private key.
   1. Provide a unique request name for the CSR to be stored in the SMS. The request name is not stored in the generated CSR.
   2. Select a key size. We recommend 2048 bits or greater.
   3. For enhanced security, specify a robust signature algorithm (SHA256, SHA384, or SHA512). The default is SHA512.
   4. Check or uncheck "Make it a Signing Certificate". A signing certificate sets the key certificate sign bit in the key usage extension and sets the basic constraints extension to true.
4. Fill out the Subject Distinguished Name section to define the subject of the certificate to be generated for the CSR.
   1. (Optional) Provide a valid email address for the subject.
   2. Provide a fully qualified domain name or the IP address of the owner for the certificate as the CN.
   3. (Optional) Provide one or multiple (one per line) organization units or department names of the certificate's subject DN, such as engineering and marketing.
   4. (Optional) Provide the organization name of the certificate's subject DN.
   5. (Optional) Provide the locality or the city of the certificate's subject DN.
   6. (Optional) Provide the state of the certificate's subject DN.
   7. (Optional) Provide the two-letter ISO code for the country of the certificate's subject DN.
5. Fill out the Subject Alternative Name section to add a DNS and RFC822 name to the subject alternative name extension in the CSR.
   1. (Optional) Provide a domain name for the subject alternative name.
   2. (Optional) Provide a user name of the owner as an email address.
6. Click OK.
   The CSR fields are saved to the SMS database. A public and private key pair is generated. A certificate is generated from the data and is used to create the actual CSR to be saved in the SMS database.