Generating a certificate signing request

You can use the security certificate generate-csr command to generate a certificate signing request (CSR). After processing your request, the certificate authority (CA) sends you the signed digital certificate.

1. Generate a CSR: security certificate generate-csr -common-name FQDN_or_common_name -size 512|1024|1536|2048 -country country -state state -locality locality -organization organization -unit unit -email-addr email_of_contact -hash-function SHA1|SHA256|MD5

   Example

   The following command creates a CSR with a 2048 -bit private key generated by the SHA256 hashing function for use by the Software group in the IT department of a company whose custom common name is server1.companyname.com , located in Sunnyvale , California , USA . The email address of the SVM contact administrator is web@example.com . The system displays the CSR and the private key in the output.

   cluster1::>security certificate generate-csr -common-name 
   server1.companyname.com -size 2048 -country US -state California 
   -locality Sunnyvale -organization IT -unit Software -email-addr
   web@example.com -hash-function SHA256
   
   Certificate Signing Request :
   -----BEGIN CERTIFICATE REQUEST-----
   MIIBGjCBxQIBADBgMRQwEgYDVQQDEwtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMx
   CTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADEPMA0G
   CSqGSIb3DQEJARYAMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPXFanNoJApT1nzS
   xOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJbmXuj6U3a1woUsb13wfEvQnHVFNci
   2ninsJ8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA0EA6EagLfso5+4g+ejiRKKTUPQO
   UqOUEoKuvxhOvPC2w7b//fNSFsFHvXloqEOhYECn/NX9h8mbphCoM5YZ4OfnKw==
   -----END CERTIFICATE REQUEST-----
   
   
   Private Key :
   -----BEGIN RSA PRIVATE KEY-----
   MIIBOwIBAAJBAPXFanNoJApT1nzSxOcxixqImRRGZCR7tVmTYyqPSuTvfhVtwDJb
   mXuj6U3a1woUsb13wfEvQnHVFNci2ninsJ8CAwEAAQJAWt2AO+bW3FKezEuIrQlu
   KoMyRYK455wtMk8BrOyJfhYsB20B28eifjJvRWdTOBEav99M7cEzgPv+p5kaZTTM
   gQIhAPsp+j1hrUXSRj979LIJJY0sNez397i7ViFXWQScx/ehAiEA+oDbOooWlVvu
   xj4aitxVBu6ByVckYU8LbsfeRNsZwD8CIQCbZ1/ENvmlJ/P7N9Exj2NCtEYxd0Q5
   cwBZ5NfZeMBpwQIhAPk0KWQSLadGfsKO077itF+h9FGFNHbtuNTrVq4vPW3nAiAA
   peMBQgEv28y2r8D4dkYzxcXmjzJluUSZSZ9c/wS6fA==
   -----END RSA PRIVATE KEY-----
   
   Note: Please keep a copy of your certificate request and private key 
   for future reference.
   
2. Copy the certificate request from the CSR output, and send it in electronic form (such as email) to a trusted third-party CA for signing.
   After processing your request, the CA sends you the signed digital certificate. You should keep a copy of the private key and the CA-signed digital certificate.