See below for the certificate authority to process a PKCS #10 Certificate Signing Request (CSR) for a locally generated key pair.

To issue a certificate for server-generated keys:

1. Open the following URL in a Web browser. 

   https://<hostname>/v2/

   Where <hostname> is the IP address or domain name selected in General.

2. Log in to the Management Console as the user described in Creating partition administrators. 
3. If the user administers more than one partition, select the partition on which to manage certificate authorities and certificates. 
   

4. Click Certificate Authorities in the sidebar.

   

5. In the Certificate Authorities tab, click the name of the certificate authority that will issue the certificates.

   

6. Click Issue Certificate.

7. Select Client-side Generated Key Certificate (X.509 cert).

   

8. Complete the following values. 

   • Certificate profile
   • Certificate Signing Request
   • Use Subject from CSR
   • Subject
   • Subject Alternative Names

Certificate profile

Select one of the subscriber certificate profiles for the certificate authority to issue this certificate.

Certificate Signing Request

Paste the encoded text of a Certificate Signing Request (CSR) you have locally generated for a key pair.

Use Subject from CSR

Check this box if you want the issued certificate to have the same Subject’s Distinguished Name (DN) as the CSR pasted in the Certificate Signing Request field.

Subject

Enter a value for each RFC5280 attribute in the certificate subject’s Distinguished Name (DN).

Alternatively, you can:

1. Toggle the Advanced Subject switch
2. Type a Distinguished Name (DN) including additional attributes.

For example, when the certificate subject represents a corporate employee:

When the certificate subject represents a corporate domain:

Subject Alternative Names

Add optional Subject Alternative Names (SANs) for the certificate subject. Typically, SANs extend the domain names or IP addresses set in the Subject field of a TLS certificate. For example: