Citrix

Produktdokumentation



Ganzes Dokument herunterladen

Overview of the Certificate Signing Request

Oct. 08, 2015

Before you can upload a certificate to App Controller, you need to generate a Certificate Signing Request (CSR) and private key. You generate the CSR in the Certificate Signing Request dialog box that you open from the Certificates panel in the App Controller management console. After you create the .csr file, you copy the certificate contents and submit them to the Certificate Authority (CA) web site for signing. The CA signs the certificate and returns it to you at the e-mail address you provided. When you receive the signed certificate, you can install it on App Controller.

To provide secure communications by using SSL or TLS, App Controller requires a server certificate. A summary of the steps for obtaining and installing a server certificate on App Controller are as follows:

  • Generate a CSR in the management console.
    Important: When you create the CSR, do not create another CSR. There is a private key associated with the CSR that you send to the CA for signing. If you create another CSR, the private key for the first CSR is erased and you will not be able to install the signed certificate on App Controller. When you install the signed certificate, App Controller automatically pairs it with the private key.
  • Copy the certificate contents and submit them to a CA Web site for signing.
  • When you receive the signed certificate file from your CA, upload the certificate on the Certificates panel in the management console. The certificate is automatically converted to the Privacy Enhanced Mail (PEM) format, which is required by App Controller.

Password-Protected Private Keys

Private keys that are generated with the CSR are stored in an encrypted and password-protected format on App Controller. When creating the CSR, you are asked to provide a password for the private key. The password is used to protect the private key from tampering and is also required when restoring a saved configuration to App Controller. Passwords are used whether the private key is encrypted or unencrypted.

To create a Certificate Signing Request

To provide secure communication by using SSL or TLS, a server certificate is required on App Controller. Before you can upload a certificate to App Controller, you need to generate a Certificate Signing Request (CSR) and private key.

  1. In the App Controller management console, click the Settings tab.
  2. In the left panel, under System Configuration, click Certificates.
  3. In the Certificates panel, click New and in Certificate Signing Request, type the required information:
    • In Key Length (required), select the encryption strength.
    • In Common name (required), type the host name or the fully qualified domain name (FQDN) of App Controller as it appears on the Network Connectivity panel.
    • In Email, type the email address for the contact person at your company.
    • In Description, type a description for the CSR.
    • In Company name, type the name of your company or organization.
    • In Department name, type the name of the department that will use the certificate.
    • In City, type the name of the city in which your company or organization is located.
    • In State, type the full name of the state where your company is located.
    • In Country Code (required), select the code for your country, such as United States.
  4. Click Save.

    App Controller creates the CSR. A dialog box that contains the contents of the CSR opens

  5. Copy the certificate contents from the dialog box and then paste the content into the appropriate area on the Certificate Authority web site.

    The certificate provider returns a signed certificate to you by e-mail. When you receive the signed certificate, install it on App Controller.

You can create up to three CSRs. You can view or delete existing CSRs, and you can also choose to sign a CSR so that you can use the certificate immediately.

Back to Top