Obtain Certificates Directly Though a Certificate Authority (CA)

CA Risk Authentication Administration Guide › Configure SSL › Prepare for SSL Communication › Obtain Certificates Directly Though a Certificate Authority (CA)

Obtain Certificates Directly Though a Certificate Authority (CA)

The steps that are explained in this section are specific to Microsoft CA 2008. If you are using any other CA to generate the certificate and the private key, then you must refer to the vendor documentation.

To generate a CA-issued certificate:

Access the link to the CA of your choice. For Microsoft CA, it is as follows:
http://<IP_Address_of_the_CA>/certsrv/
Navigate to the link to create and submit the certificate request.
For example, if you are using MSCA, then under Select a task section, click the Request a certificate option, then advanced certificate request option, and then finally the Create and submit a request to this CA option.
Specify the details on the certificate request form that appears.
- The identification information for the certificate, as described in the following table.

Certificate Attribute	Required Information
Common Name (Name)	The fully qualified domain name (FQDN) of your server. Important! When prompted for Common Name, you must specify the Fully Qualified Domain Name (FQDN) of the server to be protected by SSL. For example, an SSL certificate issued for login.my-bank.com will not be valid for online.my-partner.com. If the URL to be used for SSL is login.my-bank.com, then ensure that the common name submitted in the CSR is login.my-bank.com.
Email Address	The email ID of the contact person in your organization. Note: Typically, this is the email address of the certificate administrator or an administrator in the IT department.
Organization (Company)	The name of your organization. Important! Ensure that this entry is not abbreviated. You must also ensure that you do not specify any suffixes, such as Inc., Corp., or LLC.
Organizational Unit (Department)	The division (for example, IT) of your Organization handling the certificate.
City (Locality)	The city (for example, Brisbane) where your Organizational Unit is located.
State	The state or region (for example, Queensland) where your Organizational Unit is located. Important! Ensure that this entry is not abbreviated.
Country (Region)	The ISO code (for example, AU) for the country where your organization is headquartered.

Certificate Attribute

Required Information

Common Name

(Name)

The fully qualified domain name (FQDN) of your server.

Important! When prompted for Common Name, you must specify the Fully Qualified Domain Name (FQDN) of the server to be protected by SSL.
For example, an SSL certificate issued for login.my-bank.com will not be valid for online.my-partner.com. If the URL to be used for SSL is login.my-bank.com, then ensure that the common name submitted in the CSR is login.my-bank.com.

Email Address

The email ID of the contact person in your organization.

Note: Typically, this is the email address of the certificate administrator or an administrator in the IT department.

Organization

(Company)

The name of your organization.

Important! Ensure that this entry is not abbreviated. You must also ensure that you do not specify any suffixes, such as Inc., Corp., or LLC.

Organizational Unit

(Department)

The division (for example, IT) of your Organization handling the certificate.

City

(Locality)

The city (for example, Brisbane) where your Organizational Unit is located.

State

The state or region (for example, Queensland) where your Organizational Unit is located.

Important! Ensure that this entry is not abbreviated.

Country

(Region)

The ISO code (for example, AU) for the country where your organization is headquartered.

The details of the certificate. You must consider the details specified in the following table while specifying these certificate details.

Certificate Attribute	Required Information
Certificate Type	Server Authentication Certificate, if you are generating a server certificate Client Authentication Certificate, if you are generating a client certificate
CSP	CSP of your choice
Key Usage	Exchange
Key Size	The key size in bytes.
Key Exportability	Mark keys as exportable Export keys to file Full path name (*.pvk)
Request Format	PKCS#12 File

Click Submit to request the certificate.
Click Install the Certificate to install the certificate in the browser store.