Generate a New Certificate Signing Request

Federation Manager Guide › Keys and Certificates for Secure Federated Communication › Import Trusted Certificates and Key/Certificate Pairs › Generate a New Certificate Signing Request

Generate a New Certificate Signing Request

A certificate signing request (CSR) is a message you can send to a Certificate Authority to apply for a digital identity certificate. After you create a private key you can generate a CSR. The CSR contains the public key.

You can generate a new CSR for a private key/certificate pair (self-signed or CA-signed). The private key always generates an identical CSR without modifying the existing private key. You may need to generate a new request for an existing private key for the following reasons:

You no longer have the original request that Federation Manager generated when the private key/self-signed certificate pair.
You need a new certificate for an expiring one, which requires a new copy of a CSR to submit to a Certificate Authority.

To generate a new CSR:

Begin at the View Certificates and Private Keys dialog.
Select Action, Generate CSR for the private key entry for which you want a new CSR.
A file that conforms to the PKCS #10 specification is generated and Federation Manager prompts you to save the CSR.
Click Save.
(Optional) If you require a CA-signed certificate, contact a Certificate Authority and follow the procedure required by the Certificate Authority for submitting a request. Use the PKCS#10 file you saved in the previous step for the request.

After completing the certificate request process, the Certificate Authority issues a signed certificate response, which you import into the key database. Federation Manager replaces the existing certificate entry of the same alias with the newly imported certificate.

Email CA Technologies about this topic