How to generate Certificate Signing Request (CSR) via CLI using on- prem SWG
Goal
A CSR (Certificate Signing Request) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). The CSR validates the information the CA requires to issue a certificate.
In a public key infrastructure (PKI) system, which enables secure data sharing among validated parties on the internet, a CSR must be created before ordering
and purchasing an SSL certificate.
We are going to see how to generate CSR from SWG CLI on this article.
First Step
Login into your SWG via CLI with root credentials..
Second Step
- Run the following command
# openssl req -out MWG.csr -new -newkey rsa:2048 -nodes -keyout MWG.key
- Fill in the Details it asks for (you can refer to your expired certificate) and enter a password.
- Remember the password for future use.
- Copy the “MWG.csr” and “MWG.key” files it generates to your PC.
Note: If MWG.csr and MWG.key files were not auto downloaded, you should see them available under the “root” directory when logged into the SWG using WINSCP.
- Provide the “MWG.csr” to the Certificate Authority to Sign the certificate (Contact Internal CA if any OR Verisign, Godaddy, or other vendors who sign the certificate for you)
- Import the CA signed certificate, the MWG.key, and the password you created and enter them into the GUI section of the configuration.
Note: The names don't matter. They could be .pem, .crt, .cer or other names. If you can open them in a notepad and they look like base64 encoded text, they should be fine to be provided to the CA for obtaining a signed certificate.
What's Next
In case you encounter an Error " Certificate and Private key Do match" Please refer to "How to resolve Error "certificate and private key do not match"