Generate certificate signing request

The device allows you to generate a certificate signing request (CSR) which can be sent to a CA.

1. Go to Certificates and click Add.
2. Set Action to Generate certificate signing request (CSR).
3. Certificate details
   1. Enter the Certificate name.
   2. Specify the certificate’s validity period.
      Default: 1 day
   3. Select the number of bits used to construct the key from the list.
      Note Larger keys offer greater security, but take longer to encrypt and decrypt data.

      Default: 2048

   4. Select to encrypt the key. Enter a passphrase or the pre-shared key and re-confirm
   5. Specify the certificate ID for one of the following options:
      • DNS
      • IP address (IPv4/IPv6 address)
      • Email
      • DER ASN1 DN (X.509)
4. Identification attributes
   1. Select the country in which the device is deployed.
   2. Enter the state within the country.
   3. Enter the locality in which the certificate is to be used.
   4. Enter the name of the certificate owner (example: Sophos Group).
   5. Enter the name of the department to which the certificate is to be assigned (example: marketing).
   6. Enter the common name or FQDN (example: marketing.sophos.com).
   7. Enter the contact person’s email address.
5. Click Save.
   Once the certificate is created, you need to download and send this certificate to the remote peer with whom the connection is to be established.