The Requests tab is for generating new Certificate Signing Requests (CSRs). The process of generating a CSR involves filling out the identifying information for the X.509 certificate being requested and generating a public and private key pair where the private key is non-exportable from the HSM. As part of the standard CSR generation process, the private key is also used to digitally sign the CSR proving possession of the private key. Once generated, the CSR can be copied or downloaded and then sent to a CA to have a certificate issued.
Generating a Request
Quick Tip Before starting this process make sure you have at least one certificate group created. The Signum Administrator is the only user capable of creating certificate groups.
To generate a new CSR, navigate to Certificates>Requests>CSR and select Generate CSR. This will bring up a wizard that will walk you through the steps of generating the request.
Generate a CSR
Common Name (CN)
Can vary for signing use cases but often copies the organization name.
Legal name of organization
Internal organization department/division name
Town, city, village, etc. name
Province, region, county or state
Choose from the country drop-down
Currently only RSA.
Roadmap Item Other key algorithms are coming in the future.
The length of the RSA key. This should be 4096 for most use cases.
The hashing algorithm to use for the CSR.
Clicking Next will bring up the next step in the wizard where the certificate can be added to a certificate group and optionally assigned an owner.
Quick Tip Signum requires that every certificate is assigned to a certificate group, even if it is only a group of one.
Assign Groups and Owners
Assigning Certificate Groups
Signum requires that every certificate be part of a certificate group, even if it is only a group of one. The request can be assigned to one or more groups and when the certificate associated with this request is imported it will be available to the groups defined here. These can be changed later.
Configuring an Owner is optional. The Owner of a certificate will be able to access the certificate superseding any configured policies.
After assigning a Certificate Group click Apply and the CSR will be available to copy or download. It will also be available to copy or download in the future from the Requests tab until a certificate for the request has been imported.
By hovering over a CSR in the Requests tab you can choose to download or delete a request. Deleting a request will permanently delete the private key associated with the request.