Issue a New Server Certificate from a CSR

Follow the steps below to issue a certificate suitable for SSL/TLS servers from a CSR generated by the server.

You should previously have created the certificate profile and end entity profile for SSL servers in the sections above.

  1. Go to RA Functions > Add End Entity.
  2. Choose the End Entity profile SSLServerEndEntityProfile.
  3. At Username, enter
  4. At Password, enter a password. The password will be used only during enrollment, as a one-time code.
  5. Under CN, Common Name, enter
  6. And at DNS Name, enter
  7. Under Certificate Profile you should not be able to choose anything but the default SSLServerCertificateProfile.
  8. Under CA you should not be able to choose anything but the default ManagementCA.
  9. Under Token, choose User Generated.
  10. Click Add.
  11. Go to Public Web and then Create Certificate from CSR.
  12. Enter the username,, and password for the user you created. Note that the password field is called enrollment code here.
  13. Paste the CSR from the server and click OK.

A new certificate is generated and can be downloaded to your desktop.