When you set up the SSL certificate for the Mirage Gateway server, you must first generate the Certificate Signing Request (CSR).
About this task
Procedure
- On the Microsoft Management Console, select File > Add/Remove Snap-in.
- On the Add or Remove Snap-ins window, select Certificates and click Add.
- On the Certificates snap-in window, select Computer account and click Next.
- Select Local computer and click Finish.
- Click OK in the Add or Remove Snap-ins window to close the window.
- Expand the Certificates (Local Computer) node.
- Expand the Personal node and right-click Certificates.
- Select All Tasks > Advanced Operations > Create Custom Request.
- Follow the prompts, and on the Select Certificate Enrollment Policy page, select Proceed without enrollment policy and click Next.
- Verify the relevant information on the Custom Request page and click Next .
- Select Legacy key for the template type.
- Select PKCS #10 for the request format.
- Expand the Details drop-down menu and click Properties.
- On the General tab of the Certificate Information page, type a certificate-friendly name.
You must use this name in the DNS record.
- On the Subject tab, verify the relevant information.
Option
Description
Common name, value
The server FQDN. This is the certificate subject name that is used in the Mirage configuration to locate the certificate. The FQDN must point to that server and is validated by the client upon connection.
Organization, value
The company name. Usually required by the CA.
Country, value
A two-letter standard country name, for example, US or UK. Usually required by the CA.
State, value
The state name.
Locality, value
The city name.
- On the Extensions tab, select the key-use information from the drop-down menus.
- Expand the Key usage drop-down menu, select Data encipherment and click Add.
- Expand the Extended Key usage drop-down menu, select Server Authentication and click Add.
- On the Private Key tab, select the key size and export options.
Option
Description
Key Options
This is the required key size (usually 1024 MB or 2048 MB).
Make private key exportable
This option exports the CSR, and later the certificate, with the private key for backup or server movement purposes.
Key Type
Select Exchange (the default value is Signature).
- Click Apply and then click OK to close the Certificate Properties window, and click Next in the Certificate Enrollment wizard.
- On the Certificate Enrollment page, leave the default file format (Base 64), and click Browse to enter a file name and location for the CSR, and click Finish.
The certificate request is complete.
- On the Certificates Enrollments & Certificates tab, click Refresh.
You can export the CSR with the private key for backup purposes.
What to do next
After generating the Certificate Signing Request, submit the CSR. See Submit the Certificate Request.