Configuring a single device certificate
To access the CSR by the first method, follow these steps.
Procedure
- From the Configure tab, click Devices in the navigation panel.
- Select the device.
- Click Change for the Signed Device Certificate section at the bottom of the page.
What to do next
After Change is clicked, the CSR is displayed in a manner that enables it to be copied out of the Manager Web Interface and submitted to a CA. The certificate that is issued by the CA must contain the Common Name (CN) field of the Subject Distinguished Name and the content of the Subject Alternative Name as indicated in the CSR.
These parameters are validated by the Manager Web Interface when the certificate is pasted
back into the interface. Once updated, the certificate is published to the device and uses
it. Another restriction is that if the external CA sets the key usage field of the device
certificate, then both SSL_CLIENT and SSL_SERVER key usage
fields must be set.