Follow

How to Request CSR(s)

Description

Customers that use SSL HTTP service or WAF Proxy (with SSL configured) service and/or has restrictions on sharing the actual Certificate and Private Key with 3rd party vendors.

 

What is a CSR?

A Certificate Signing Request (CSR) is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is a certificate file that contains information such as the organization name, common name (domain name), locality, and country.

After the CSR is created, Silverline will share the CSR file via the Secure Uploads section of the portal. A certificate authority (CA) will then use the CSR provided to create your SSL certificate. However, as the CA vendor does not need your private key, Silverline will keep your Private Key in a secure location that complies to PCI requirements and is never shared to anyone else.

Once the new certificate is signed by the CA vendor, submit the validated certificate file to Silverline and the SOC will create/deploy the brand-new SSL certificate/key pair to the portal.

 

Environment

  • Silverline WAF
  • Silverline DDoS
  • Proxy/Proxies
    • SSL HTTP/WAF Proxy Service Type

 

Procedure

Scope of Silverline Support

  • F5 Silverline will only receive Certificates or Keys from the Customer . We will never provide these to customers. 
    • Please upload the files to the Secure Upload section of portal or to the SSL management portion of portal directly.
    • Do not ever mail a key to Silverline or support@f5silverline.com
  • F5 Silverline will never provide any private key to the Customer.
  • F5 Silverline will generate a Certificate Signing Request (CSR) and provide only that file to the Customer. The Key and/or Passphrase will not be shared.
  • F5 Silverline will remove/delete any items related to the CSR process (Cert, Key and/or Passphrase) once the SSL certificate has been signed and uploaded to the portal.

 

Requirements & Steps

To request a CSR:

  1. Provide the answers in the following table into a text file.
  2. Upload the text file via the Secure File Repository within the Portal.

Data Field

Example Value

Notes

Common Name

www.example.com

The fully qualified domain name (FQDN) of your server. This must match exactly what you type in your web browser or you will receive a name mismatch error.

Organization

Example, Inc.

The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.

Organizational Unit

Security Team

The division of your organization handling the certificate.

City/Locality

Seattle

The city where your organization is located.

State/County/Region

WA

The state/region where your organization is located. This shouldn't be abbreviated.

Country

US

The two-letter ISO code for the country where your organization is located.

Email Address

it@example.com

An email address used to contact your organization.

Key Size

RSA-2048

RSA Key size, default is 2048-bit


Subject Alternative Names

The Subject Alternative Name field lets you specify additional hostnames (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate. 

Please indicate to the SOC, if you want the CSR file to support multiple domains or a wildcard domain like "*.example.com" for example. Also, please indicate the additional domains to be added/included in the CSR file.

 

Note: Due to security-related reasons, the key file generated, and the CSR file generated aren't stored for a long period of time, a maximum of 48 hours after the notification of the creation of the files. This limited storing time is part of efforts to comply with our internal security standard policy.

Related Content

Was this article helpful?
0 out of 1 found this helpful
Have more questions? Submit a request