Entrust PKI as a Service

Issuing a certificate from CSR

See below for the certificate authority to process a PKCS #10 Certificate Signing Request (CSR) for a locally generated key pair.

To issue a certificate for server-generated keys:

  1. Generate a key pair and a CSR on your local machine using your preferred tools.

  2. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of these roles:

  3. Click Certificate Authorities in the sidebar.

    PNG

  4. In the Certificate Authorities tab, click the name of the certificate authority that will issue the certificates.

    PNG

  5. Click the plus + icon to the right of the Issued Certificates tab.

  6. Select Client-Side Generated Key Certificate (X.509 cert) in the Certificate type list.

    PNG

  7. Complete the following values.

Certificate profile

Select one of the Subscriber certificate profiles for the certificate authority to issue this certificate.

ℹ The list only includes the certificate profiles selected when Creating an issuing subordinate CA.

Certificate Signing Request

Paste the encoded text of a Certificate Signing Request (CSR) you have locally generated for a key pair.

Use Subject from CSR

Check this box if you want the issued certificate to have the same Subject’s Distinguished Name (DN) as the CSR pasted in the Certificate Signing Request field.

ℹ When checking this box, the Subject field is read-only and displays the DN set in the CSR.

Subject

Write the Distinguished Name (DN) of the certificate Subject in RFC 5280 syntax. For example, if the certificate subject is a corporate employee:

CN=John Doe, OU=Sales, O=Example Corp, L=San Francisco, ST=California, C=US

If the certificate subject is a corporate domain:

CN=server1.example.com, CN=server2.example.com, OU=IT, O=Example Corp, L=Chicago, ST=Illinois, C=US

Subject Alternative Names

Add optional Subject Alternative Names (SANs) for the certificate subject. Typically, SANs extend the domain names or IP addresses set in the Subject field of a TLS certificate. For example:

San Type SAN Value
DNS Name example.com
DNS Name www.example.com
DNS Name example.net
DNS Name mail.example.com
DNS Name support.example.com
DNS Name example2.com
IP Address 93.184.216.34
IP Address 2606:2800:220:1:248:1893:25c8:1946