Before you can order a signed certificate from a CA or create a self-signed certificate, you must generate a Certificate Signing Request (CSR) for your edge gateway.

A CSR is an encoded file that you need to generate on an edge gateway that needs an SSL certificate. Using a CSR standardizes the way that companies send their public keys along with information that identifies their company names and domain names.

You generate a CSR with a matching private-key file that must remain on the edge gateway. The CSR contains the matching public key and other information such as your organization's name, location, and domain name.

1

Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See Log In and Navigate to Advanced Networking Services for information.

2

Click the Certificates tab and Actions > Generate CSR.

The Generate CSR dialog box appears.

3

Configure the following options for the CSR:

Option

Description

Common Name

Type the fully-qualified domain name (FQDN) for the organization that you will be using the certificate for (for example, www.exampledomain.com). Do not include the http:// or https:// prefixes in your common name.

Organization Name

Type name under which your company is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request.

Organization Unit

Use this field to differentiate between divisions within a company; for example, AMEA or East Coast Operations. If applicable, you can enter the DBA (doing business as) name in this field.

Locality

Type the city or locality where your company is legally registered.

State

Type the full name (do not abbreviate) of the state, province, region, or territory where your company is legally registered.

Country

Select the country where your company is legally registered.

The drop-down menu displays country names along with their two-letter International Organization for Standardization (ISO-) format country codes.

Message Algorithm

(Optional) Select the key type (typically RSA) for the certificate. The key type defines the encryption algorithm for communication between the hosts.

Note

SSL VPN-Plus supports RSA certificates only.

Key Size

(Optional) Type the key size (2048 bit minimum).

Description

(Optional) Enter a description for the certificate.

4

Click OK.

The CSR is generated and displayed in the certificates list.

Transmit the CSR to a certificate authority to obtain your signed certificate. Import the signed certificate into Advanced Networking Services. See Add a Certificate for information.