You can generate the tenant's CSR file (certificate signing request) either on the Service Provider appliance or the tenant nodes.
- If you are generating certificates on the Service Provider appliance, be sure to create in a tenant specific directory so files are not confused among tenants.
- Always name the file using the domain for which the cert is being generated.
- Collect the following information for the tenant:
- Country Code
- State and Locality
- Full Legal Company Name
- Organizational Unit
- At the command line run the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csrwhere server is the domain you want to create a cert for - such as desktops.tenant.comThe system generates two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl.
- When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing.
If you are generating an Apache CSR for a Wildcard SSL Certificate your common name should start with an asterisk (such as *.example.com).
- Once the .key and .csr files are created, zip them up and send them to the customer so they can request a cert from a certificate authority.
- Copy the files to /usr/local/desktone/cert on the tenant node so they are backed up by the automated backup process.