Generate a Certificate Signing Request

In the following example, we generate a Certificate Signing Request (CSR) which is used to encode information about a client system or user to a certificate server, usually an Intermediate or Root Certificate Authority.

The certificate server, in turn, uses this request data to generate a certificate according to the specifications encoded in the CSR for the requesting system or user.

1. To generate a CSR for the Authentication PKI certificate slot, starting from the Configure Digital Certificates screen, select the Authentication certificate type and click the Generate button:

   

2. Next, choose the Certificate Signing Request option. In the example below, we have chosen the RSA2048 Algorithm from the pull-down menu.

   We have also set a certificate subject – the name of the entity that the certificate is meant to authenticate on behalf of.

   Note: There is no expiration date setting as the certificate validity period is determined by the Certificate Authority server that will process the generated request.

3. Once all options are set, click the Generate button to proceed:

   

4. When prompted, enter the PIN for the Crescendo device, and click Submit:

   

5. If the operation is successful, the Save dialog appears, giving you the opportunity to save the generated Certificate Signing Request as a .csr file.

   If required, select a location on your host system and click Save Certificate Signing Request to save the file:

   

   You can also click the Cancel button to return to the generated CSR screen.

   Once you have saved the file (or canceled the dialog), you are returned to the Certificate Signing Request screen.

   The success message appears confirming successful generation of the CSR.

6. If required, you may select the Certificate Signing Request text displayed in the field and copy the text to your clipboard for pasting into another location:

   

   Important: When the Certificate Signing Request generated by Crescendo Management Tool is used to request a signed certificate from a Certificate Authority server, the resulting signed certificate can be imported later using the Load function described in Load a Certificate for the Generated Key Pair