When you set up the SSL certificate for the Mirage Gateway server, you must first generate the Certificate Signing Request (CSR).

About this task

Procedure

  1. On the Microsoft Management Console, select File > Add/Remove Snap-in.
  2. On the Add or Remove Snap-ins window, select Certificates and click Add.
  3. On the Certificates snap-in window, select Computer account and click Next.
  4. Select Local computer and click Finish.
  5. Click OK in the Add or Remove Snap-ins window to close the window.
  6. Expand the Certificates (Local Computer) node.
  7. Expand the Personal node and right-click Certificates.
  8. Select All Tasks > Advanced Operations > Create Custom Request.
  9. Follow the prompts, and on the Select Certificate Enrollment Policy page, select Proceed without enrollment policy and click Next.
  10. Verify the relevant information on the Custom Request page and click Next .
    1. Select Legacy key for the template type.
    2. Select PKCS #10 for the request format.
  11. Expand the Details drop-down menu and click Properties.
  12. On the General tab of the Certificate Information page, type a certificate-friendly name.

    You must use this name in the DNS record.

  13. On the Subject tab, verify the relevant information.

    Option

    Description

    Common name, value

    The server FQDN. This is the certificate subject name that is used in the Mirage configuration to locate the certificate. The FQDN must point to that server and is validated by the client upon connection.

    Organization, value

    The company name. Usually required by the CA.

    Country, value

    A two-letter standard country name, for example, US or UK. Usually required by the CA.

    State, value

    The state name.

    Locality, value

    The city name.
  14. On the Extensions tab, select the key-use information from the drop-down menus.
    1. Expand the Key usage drop-down menu, select Data encipherment and click Add.
    2. Expand the Extended Key usage drop-down menu, select Server Authentication and click Add.
  15. On the Private Key tab, select the key size and export options.

    Option

    Description

    Key Options

    This is the required key size (usually 1024 MB or 2048 MB).

    Make private key exportable

    This option exports the CSR, and later the certificate, with the private key for backup or server movement purposes.

    Key Type

    Select Exchange (the default value is Signature).
  16. Click Apply and then click OK to close the Certificate Properties window, and click Next in the Certificate Enrollment wizard.
  17. On the Certificate Enrollment page, leave the default file format (Base 64), and click Browse to enter a file name and location for the CSR, and click Finish.

    The certificate request is complete.

  18. On the Certificates Enrollments & Certificates tab, click Refresh.

    You can export the CSR with the private key for backup purposes.

What to do next

After generating the Certificate Signing Request, submit the CSR. See Submit the Certificate Request.