Skip to main content
Skip table of contents


The Requests tab is for generating new Certificate Signing Requests (CSRs). The process of generating a CSR involves filling out the identifying information for the X.509 certificate being requested and generating a public and private key pair where the private key is non-exportable from the HSM. As part of the standard CSR generation process, the private key is also used to digitally sign the CSR proving possession of the private key. Once generated, the CSR can be copied or downloaded and then sent to a CA to have a certificate issued.


Generating a Request

Quick Tip Before starting this process make sure you have at least one certificate group created. The Signum Administrator is the only user capable of creating certificate groups.

To generate a new CSR, navigate to Certificates>Requests>CSR and select Generate CSR. This will bring up a wizard that will walk you through the steps of generating the request.


Generate a CSR


Common Name (CN)

Can vary for signing use cases but often copies the organization name.

Organization (O)

Legal name of organization

Department (OU)

Internal organization department/division name

City (L)

Town, city, village, etc. name

State (S)

Province, region, county or state

Country (C)

Choose from the country drop-down

Key Type

Currently only RSA.

Roadmap Item Other key algorithms are coming in the future.

Key Size

The length of the RSA key. This should be 4096 for most use cases.

Hashing Algorithm

The hashing algorithm to use for the CSR.

Clicking Next will bring up the next step in the wizard where the certificate can be added to a certificate group and optionally assigned an owner.

Quick Tip Signum requires that every certificate is assigned to a certificate group, even if it is only a group of one.


Assign Groups and Owners


Assigning Certificate Groups

Signum requires that every certificate be part of a certificate group, even if it is only a group of one. The request can be assigned to one or more groups and when the certificate associated with this request is imported it will be available to the groups defined here. These can be changed later.


Configuring an Owner is optional. The Owner of a certificate will be able to access the certificate superseding any configured policies.

After assigning a Certificate Group click Apply and the CSR will be available to copy or download. It will also be available to copy or download in the future from the Requests tab until a certificate for the request has been imported.


Request Operations

By clicking on the actions button of a CSR in the Requests tab you can choose to download or delete a request. Deleting a request will permanently delete the private key associated with the request.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.