This topic describes how to generate a Certificate Signing Request (CSR) for your USM Appliance so you may obtain an SSL certificate from a Certificate Authority.
A CSR or Certificate Signing Request is a block of encrypted text that is generated for the server that an SSL certificate will be used on.
It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country.
It also contains the public key that will be included in your SSL certificate. A private key is usually created at the same time that you create the CSR.
A Certificate Authority(CA) will use a CSR to create your SSL certificate, but it does not need your private key.
You need to keep your private key secret. Once the CA generates your SSL Certificate you can use it to secure your USM Appliances Web Server.
An easy to use online tool that will generate a CSR and Private key for your USM Appliance Server can be found at the link below.
Just fill in all the required fields (ensure the Common Name (CN) you provide matches the FQDN of your USM Appliance exactly) and click "Generate CSR": https://csrgenerator.com/
Note: The SSL certificate created using a particular CSR will only work with the private key that was generated with it.
If you lose the private key, the certificate will no longer work so please ensure you keep a copy of the generated CSR and Private Key created by the tool above in a safe and secure location.
Once you have provided the CSR to the CA of your choosing, they will provide you with an SSL certificate that you can use to secure your USM Appliance web interface.
To apply the new SSL certificate to your USM Appliance, follow the instructions in the topic below: