Issue a New Server Certificate from a CSR

The following covers how to issue a certificate suitable for SSL/TLS servers from a Certificate Signing Request (CSR) generated by the server.

Before you begin, you should already have created a certificate profile and an end entity profile for SSL servers. For more information, see:

To request a certificate:

  1. Access EJBCA RA Web and click Make new request.

  2. In the Certificate Type field, select SSLServerEndEntityProfile.

  3. Under Certificate subtype, you should not be able to choose anything but the default SSLServerCertificateProfile.

  4. Under CA, you should not be able to choose anything but the default ManagementCA.

  5. Select the Key-pair generation option Provided by user.

  6. Upload the CSR.

  7. In CN, Common Name, verify that the value is testsrv.domain.com.

  8. In DNS Name, verify that the value is testsrv.domain.com.

  9. At Username, enter testsrv.domain.com.

  10. At Enrollment code, enter a password. The password will only be used during enrollment, as a one-time code.

  11. Click Download to download and save the newly created certificate file.

A new certificate is generated and downloaded to your desktop.
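
The server-side checks around steps 6 to 8 and step 11, as an added example that is not part of the EJBCA documentation: it creates the CSR, confirms it carries the CN and DNS name the RA form should show, and confirms the downloaded certificate belongs to the server's private key. Assumptions: OpenSSL 1.1.1 or later, an RSA 3072-bit key that your certificate profile permits, a PEM-format download; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example; function names and file names are illustrative assumptions.
HOST=testsrv.domain.com   # the name entered in steps 7 to 9

# Create a private key and a CSR with CN and DNS SAN set to $HOST.
# Key type and size are assumptions; -addext needs OpenSSL 1.1.1 or later.
make_csr() {  # usage: make_csr <key.pem> <csr.pem>
    ( umask 077   # the private key must not be readable by other users
      openssl req -new -newkey rsa:3072 -nodes -keyout "$1" -out "$2" \
          -subj "/CN=$HOST" -addext "subjectAltName=DNS:$HOST" 2>/dev/null )
}

# Before upload (step 6): the CSR self-signature verifies, and the CN and
# DNS name are the ones the RA form should display in steps 7 and 8.
# Returns 1 = bad signature or unreadable, 2 = wrong CN, 3 = DNS SAN missing.
check_csr() {  # usage: check_csr <csr.pem>
    # Older OpenSSL exits 0 even on a failed check, so match the message.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    subj=$(openssl req -in "$1" -noout -subject -nameopt RFC2253) || return 1
    case "$subj" in
        *"=CN=$HOST" | *"=CN=$HOST,"*) ;;
        *) return 2 ;;
    esac
    # Split the SAN list into one entry per line and require an exact match.
    openssl req -in "$1" -noout -text | tr ',' '\n' | sed 's/^ *//' \
        | grep -Fxq "DNS:$HOST" || return 3
}

# After download (step 11): the certificate contains the public key that
# belongs to the server's private key. Assumes a PEM certificate file.
cert_matches_key() {  # usage: cert_matches_key <cert.pem> <key.pem>
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Typical order on the server:
#   make_csr server.key server.csr && check_csr server.csr
#   ... upload server.csr in RA Web, download the certificate ...
#   cert_matches_key testsrv.pem server.key
```

A mismatch in `cert_matches_key` usually means the certificate was issued for a different CSR than the one generated on this server.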