SonicOS 7.1 Device Settings

Managing Certificates > Generating a Certificate Signing Request
Table of Contents

Generating a Certificate Signing Request

You should create a Certificate Policy to be used in conjunction with local certificates. A Certificate Policy determines the authentication requirements and the authority limits required for the validation of a certificate.

To generate a certificate signing request

  1. Navigate to Device | Settings > Certificates.

  2. Click New Signing Request. The Certificate dialog is displayed.

  3. Enter an alias name for the certificate in the Certificate Alias field.

  4. Create a Distinguished Name (DN) using the drop-down menus shown in table below, then enter information for the certificate in the associated fields.

    For each DN, you can select your country from the associated drop-down menu; for all other components, enter the information in the associated field.

    Drop-down menuSelect appropriate information
    Country
    • Country (default)
    • State
    • Locality or County
    • Company or Organization
    State
    • Country
    • State (default)
    • Locality, City, or County
    • Company or Organization
    • Department
    Locality, City, or County
    • Locality, City, or County (default)
    • Company or Organization
    • Department
    • Group
    • Team
    Company or Organization
    • Company or Organization (default)
    • Department
    • Group
    • Team
    • Common Name
    • Serial Number
    • E-Mail Address
    Department
    • Department (default)
    • Group
    • Team
    • Common Name
    • Serial Number
    • E-Mail Address
    Group
    • Group (default)
    • Team
    • Common Name
    • Serial Number
    • E-Mail Address
    Team
    • Team (default)
    • Common Name
    • Serial Number
    • E-Mail Address
    Common Name
    • Common Name (default)
    • Serial Number
    • E-Mail Address

    As you enter information for the components, the Distinguished Name (DN) is created in the Subject Distinguished Name field.

  5. Optionally, you can also attach a SUBJECT ALTERNATIVE NAME to the certificate after selecting the type from the drop-down menu:

    • Domain Name

    • Email Address

    • IPv4 Address

  6. Select a signature algorithm from the drop-down menu:

    • SHA1 (default)
    • MD5

    • SHA256

    • SHA384

    • SHA512

  7. Select a subject key type from the drop-down menu:

    RSA (default) A public key cryptographic algorithm used for encrypting data,
    ECDSAEncrypts data using the Elliptic Curve Digital Signature Algorithm, which has a high strength-per-key-bit security.

  8. Select a subject key size or curve from the Subject Key Size/Curve drop-down menu.

    Not all key sizes or curves are supported by a Certificate Authority, therefore, you should check with your CA for supported key sizes.

    If you selected a Key Type of
    RSA, select a key sizeECDSA, select a curve
    1024 bits (default) prime256vi: X9.62.SECG curve over a 256 bit prime field (default)
    1536 bits secp384r1: NIST/SECG curve over a 384 bit prime field
    2048 bits secp521r1: NIST/SECG curve over a 521 bit prime field
    4096 bits  
  9. Click Generate to create a certificate signing request file.

    10. When the Certificate Signing Request is generated, a message describing the result is displayed and a new entry appears in the Certificates table with the type Pending request.

  10. Click the Export icon. The Export Certificate Request dialog is displayed.

  11. Click the Export icon to download the file to your computer. An Opening <certificate> dialog displays.

  12. Click OK to save the file to a directory on your computer.

    You have generated the Certificate Request that you can send to your Certificate Authority for validation.

  13. Click the Upload icon to upload the signed certificate for a signing request. The Upload Certificate dialog is displayed.

  14. Click Choose File to select a file.
  15. Select the file and click Open.
  16. Click UPLOAD.