When you set up an SSL certificate, you must first generate the certificate signing request.

Procedure

  1. Add and configure the Certificates snap-in:
    1. On the server, open the Mirage Management console.
    2. Select File > Add/Remove Snap-in.
    3. Add Certificates.
    4. Specify that the snap-in will manage certificates for the Computer account and click Next.
    5. Verify that This snap-in will always manage Local computer is selected and click Finish.
    6. Click OK.
  2. Select the Certificates node in the console root, right-click Personal store and select All Tasks > Advanced Operations > Create Custom Request.
  3. Verify the information on the Custom Request page, select Proceed without enrollment policy.
    1. On

    Option

    Description

    Custom Request

    Select Proceed without enrollment policy.

    Template and Request Format

    Accept the default settings for the CNG Key and PKCS #10 text boxes.

    Certificate Information

    Click Details for the Custom Request and click Properties.

  4. Click the General tab and type a certificate-friendly name.

    You can use the same name as the subject name.

  5. Click the Subject tab, and in the Subject Name area, provide the relevant certificate information.

    Option

    Description

    Common name, value

    Server FQDN. This is the certificate subject name that is used in the Mirage configuration to find the certificate. The FQDN must point to that server and is validated by the client upon connection.

    Organization, value

    Company name, usually required by the CA.

    Country, value

    Two-letter standard country name, for example, US or UK. Usually required by the CA.

    State, value

    (Optional) State name.

    Locality, value

    (Optional) City name.

  6. Click the Extensions tab and select the key use information from the drop-down menus.

    Option

    Description

    Key Usage

    Select Data Encipherment.

    Extended Key Usage

    Select Server Authentication.

  7. Click the Private Key tab and select key size and export options.

    Option

    Description

    Key Options

    Select the required key size (usually 1024 or 2048).

    Make Private Key Exportable

    Select to export the CSR, and later the certificate, with the private key for backup or server movement purposes.

  8. Click OK to close the Certificate Properties window, and click Next in the Certificate Enrollment wizard.
  9. Leave the default file format (Base 64), and click Browse to select a filename and location of where to save the CSR.

    The certificate request is completed.

  10. Click the Certificate Enrollment Requests & Certificates tab, and click Refresh.

    You can export the CSR with the private key for backup purposes.

What to do next

After you generate the certificate signing request, you submit the certificate request. See Submit the Certificate Request