Creating certificate signing requests by through the ION Grid Configuration Manager

  1. Access the Configuration Manager for the grid.
  2. Click Security and then Certificates.
  3. For the desired host, create a certificate signing request:
    1. Click "Manage Certificates" for the desired host.
    2. Click Create Certificate Signing Request (CSR).
    3. On the Certificate Signing Request form, specify this information:
      Host FQDN (CN)

      Make sure Host FQDN matches the grid host name.

      Organization Unit (OU), Organization (O), Locality Name (L), State or Province (ST), Country (C)

      Make sure these fields are filled in as expected by your certificate signing service.

      Alternative Names

      If you plan to use aliases or load balancers, add these names as alternative names.

    4. Click "Create Request Reuse Keys" or "Create Request Overwrite Keys". The first choice keeps the previous SSL key pair. The existing certificate remains in place until the CSR has been signed and the resulting certificate imported. The second choice immediately overwrites the existing key pair and replaces it with a temporary grid-signed certificate until the CSR has been signed and the resulting certificate imported.
    5. Select Yes if given a warning that a temporary certificate is generated.
    6. Download or copy the binary code and click OK on the screen to close the Create Certificate Signing Request (CSR) screen. Note that the expiration date of the temporary generated certificate, if applicable, is 90 days in the future.
    7. Use the generated binary code to request a CA-signed certificate at your certificate service.
      Note: The grid will also require the root certificate, so make sure to get the complete certificate chain or have the root certificate available separately.
  4. For the host, import the certificate that was generated for that host. For information on importing, see Importing Signed SSL Certificates through the Configuration Manager.