You can generate the tenant's CSR file (certificate signing request) either on the Service Provider appliance or the tenant nodes.

  • If you are generating certificates on the Service Provider appliance, be sure to create in a tenant specific directory so files are not confused among tenants.
  • Always name the file using the domain for which the cert is being generated.


  1. Collect the following information for the tenant:
    • Country Code
    • State and Locality
    • Full Legal Company Name
    • Organizational Unit
  2. At the command line run the following command:
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
    where server is the domain you want to create a cert for - such as
    The system generates two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl.
  3. When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing.
    If you are generating an Apache CSR for a Wildcard SSL Certificate your common name should start with an asterisk (such as *
  4. Once the .key and .csr files are created, zip them up and send them to the customer so they can request a cert from a certificate authority.
  5. Copy the files to /usr/local/desktone/cert on the tenant node so they are backed up by the automated backup process.