Certificate Signing Request (CSR)
Overview
Enlighted supplies self-signed certificates on Enlighted Manage (EM) server. When a user attempts to connect to Manage via HTTPS, the browser displays a warning message that the certificate is not signed by a Certificate Authority (CA). If you would like to avoid this warning message, please create a Certificate Signing Request (CSR) on Manage. Use this CSR file to acquire a CA-signed certificate from a public CA of your choice. Once you have the SSL certificate with you, contact Enlighted Support to replace the self-signed certificate with your new public CA-signed certificate.
Certificate Signing Request (CSR)
A CSR is an encoded file that provides a standardized way to send your public key and information that identifies your company and domain name. The CSR is generated from within the same server you plan to install the certificate. The CSR contains the following relevant items for the certificate to work correctly.
- Common Name: The Fully-qualified Domain Name (FQDN) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc.
- Organization: The full legal name of your organization, including the corporate identifier.
- Organization Unit: The department name such as ‘Information Technology’ or ‘Security.’
- City: The city where your organization is legally incorporated.
- State or Province: State or province where your organization is legally incorporated.
- Country: The two-letter country code (i.e., US, EU) where your organization is legally incorporated.
The certificate will also contain the public key for encrypting data and a corresponding private key to decrypt data during an SSL session. The most common key size is RSA 2048, but some issuing Certificate Authorities, such as GlobalSign, support larger key sizes (e.g., RSA 4096+) or ECC keys.
The CSR is usually created in a Base-64 based PEM format. You can open the CSR file using a simple text editor. You must include the header and footer
-----BEGIN CERTIFICATE REQUEST-----
And
-----END CERTIFICATE REQUEST-----
when pasting the CSR.
To generate a CSR, use the request parameter with the path parameter.
- OpenSSL req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Enlighted accepts SSL certificate in .PEM format. Enlighted Support will then replace the self-signed certificate with the new CA-signed certificate and update the configuration files if you have changed the SSL names. If needed, you can also request Enlighted Support to generate the CSR for you.
For more details on creating or replacing the default certificate, please refer to the Create or Replace a Certificate Signing Request (CSR) visible only for Enlighted Internal team.