Certificate Signing Requests

1. Generate CSRs
2. Managing CSRs

1. Generate CSRs

The following steps explain in detail how to generate a CSR from the Key Manager Plus interface:

1. Navigate to SSL >> CSR. You will see all the available CSRs in a list view along with their details such as Domain Name, Created By, Created Time, Key Size, Key Algorithm, etc. 
2. Click Create to generate a new CSR. In the form displayed, do the following:
   1. Choose between Create CSR or Create CSR from KeyStore.
   2. If you choose to Create CSR from KeyStore:
      1. Select the KeyStore file by clicking Browse.
      2. Enter the Private Key Password of the selected KeyStore and the Expiry Notification Email.
      3. Now click Create to create the CSR.
   3. If you choose to Create CSR manually:
      1. Specify the required details such as Common Name, SAN, Organization Unit, Organization, Location, and State.
         

         Note: You can also choose from a CSR template. Click the Manage CSR Templates link and choose one.

      2. Select the Key Algorithm, Key Size, Signature Algorithm, and KeyStore Type.
      3. Choose a Validity Type (Days, Hours or Minutes) and mention the Validity.
      4. Enter the Store Password and Expiry Notification Email address.
      5. If you are an operator, select the checkbox Already approved by the administrator to sign certificates and Select the administrators to notify.
      6. Select the Sign Type and enter the required details.
      7. You can also sign your CSR later by not choosing the Sign Type now. To know more about signing the CSR later, click here.
      8. Click Create. You will be redirected to a CSR window where the CSR content is displayed.

3. If you are willing to use the KeyStore file from an SSL certificate present in the Key Manager Plus repository, do the steps that follow:

   1. Navigate to the Certificates tab.
   2. Select the SSL certificate from which the KeyStore is to be used for creating a CSR and select Create CSR under the More option in the top pane.
   3. In the pop-up that opens, you can add an expiry notification email.
   4. Now, click Create to create the CSR from the KeyStore available in your Key Manager Plus repository.
4. You have successfully created a CSR and it has been added to the list view. 
5. The CSR will be assigned to the user who created it.
   

   Note: 

   The Administrator can grant access to allow an operator to sign the CSR.

   To grant access, navigate to Settings >> SSL >> Approval, select Enable/Disable certificate sign permission for the operator globally and click Save.

   (Applicable from build 5920 onwards)

   Note:

   Apart from having a wildcard certificate name in the Common Name field, you can add the wildcard name in the SAN field while creating a CSR. With wildcard certificates, one can secure an unlimited number of subdomains for a registered base-domain.

   For example, consider the base-domain zoho.com, a wildcard certificate for *.zoho.com can secure any-subdomain.zoho.com. The asterisk (*) is the wildcard that corresponds to any valid subdomain.

   

2. Managing CSRs

1. Show Passphrase: The show passphrase icon corresponding to every CSR allows administrators to view the Keystore passwords of respective CSR files.
2. Export: You can export and mail the CSR to a specified mail id by using the icons in the CSR displayed in the list view.
3. Import: If you choose to import a CSR, click Import.A pop-up appears.
   1. Browse and Select a CSR file and Select a Key file. 
   2. Enter the Private Key Password and click Import.
   3. Your CSR has been successfully imported and can be viewed in the list view.
   4. Key manager Plus automatically pins the certificate file with its corresponding private key and adds it to its centralized repository.
4. Delete: To Delete a CSR, select the CSR you wish to delete and click Delete.
   1. In the pop-up that appears, click Ok.
   2. You have successfully deleted the selected CSR.
5. CSR Template: Click CSR Template to add, delete or manage the templates. These templates after generated can be used while generating CSR’s.

Besides generating CSRs from Key Manager Plus, you can also upload CSRs generated from outside the application and track their statuses from Key Manager Plus using the Import option in the top menu.