When you set up an SSL certificate, you must first generate the certificate signing request.
Procedure
- Add and configure the Certificates snap-in:
- On the server, open the Mirage Management console.
- Select File > Add/Remove Snap-in.
- Add Certificates.
- Specify that the snap-in will manage certificates for the Computer account and click Next.
- Verify that This snap-in will always manage Local computer is selected and click Finish.
- Click OK.
- Select the Certificates node in the console root, right-click Personal store and select All Tasks > Advanced Operations > Create Custom Request.
- Verify the information on the Custom Request page, select Proceed without enrollment policy.
- On
Option
Description
Custom Request
Select Proceed without enrollment policy.
Template and Request Format
Accept the default settings for the CNG Key and PKCS #10 text boxes.
Certificate Information
Click Details for the Custom Request and click Properties.
- Click the General tab and type a certificate-friendly name.
You can use the same name as the subject name.
- Click the Subject tab, and in the Subject Name area, provide the relevant certificate information.
Option
Description
Common name, value
Server FQDN. This is the certificate subject name that is used in the Mirage configuration to find the certificate. The FQDN must point to that server and is validated by the client upon connection.
Organization, value
Company name, usually required by the CA.
Country, value
Two-letter standard country name, for example, US or UK. Usually required by the CA.
State, value
(Optional) State name.
Locality, value
(Optional) City name.
- Click the Extensions tab and select the key use information from the drop-down menus.
Option
Description
Key Usage
Select Data Encipherment.
Extended Key Usage
Select Server Authentication.
- Click the Private Key tab and select key size and export options.
Option
Description
Key Options
Select the required key size (usually 1024 or 2048).
Make Private Key Exportable
Select to export the CSR, and later the certificate, with the private key for backup or server movement purposes.
- Click OK to close the Certificate Properties window, and click Next in the Certificate Enrollment wizard.
- Leave the default file format (Base 64), and click Browse to select a filename and location of where to save the CSR.
The certificate request is completed.
- Click the Certificate Enrollment Requests & Certificates tab, and click Refresh.
You can export the CSR with the private key for backup purposes.
What to do next
After you generate the certificate signing request, you submit the certificate request. See Submit the Certificate Request