How-To: Create an SSL Certificate in Windows, Mac, or Linux

This page guides you through how to create a certificate signing request (CSR) on your Windows, Mac, or Linux PC and sending it to EZCA to create a TLS Certificate.

Prerequisites

  1. Register Domain

Overview

This page guides you through how to create a certificate signing request (CSR) on your Windows, Mac, or Linux PC and sending it to EZCA to create a TLS Certificate.

How To Request a Certificate

  1. Navigate to https://portal.ezca.io/
  2. Navigate to Domains. EZCA Cloud PKI portal My Domains page listing registered domains with Request Certificate buttons
  3. Click the “Request Certificate” button on the domain you want to request a certificate for. EZCA Cloud PKI My Domains page with Request Certificate button highlighted for a domain
  4. This will pre-populate the Subject Name and Subject Alternate Names with the selected domain. EZCA Cloud PKI Request New Certificate form with pre-filled subject name and DNS names fields
  5. If this certificate requires more subject alternate names (Usually for other domains that might use this certificate), add them in the DNS Names section.
  6. By Default, EZCA will request the certificate to be the maximum validity allowed by your administrators. If you want to decrease the lifetime of the certificate, adjust the validity slider. EZCA Cloud PKI Request New Certificate form with validity period slider highlighted at 30 days
  7. Make sure the “Import CSR” Option is Selected. EZCA Cloud PKI certificate form with Certificate Location set to Import CSR highlighted
  8. Click the “How to create a CSR Locally” Link. EZCA Cloud PKI How to create a CSR Locally link highlighted in the Import CSR section
  9. Select your Operating System EZCA Cloud PKI Create CSR Request dialog with Windows selected as the certificate location

How To Create CSR in Windows

  1. Download the .inf file EZCA Cloud PKI Create CSR Request dialog showing Download button for the Windows INF configuration file

  2. open cmd.exe

  1. Navigate to your downloads folder and run the following command where INFFILENAME is the file name you just downloaded and CSRFILENAME is the file where you want the certificate signing request to be saved: 
    certreq.exe -new <INFFILENAME>.inf <CSRFILENAME>.csr
    Windows Command Prompt showing certreq.exe command creating a CSR file successfully
  2. Go Back to the EZCA portal.
  3. Close out the instructions dialog.
  4. Click on the “Upload CSR” button. EZCA Cloud PKI certificate form showing Upload CSR button in the Import CSR section
  5. Select the newly created CSR file Windows file browser showing CSR files to select for upload to EZCA
  6. Click the “Request Certificate” button at the top right of the form. EZCA Cloud PKI Request New Certificate button highlighted to submit the certificate request
  7. Your Certificate has been created successfully EZCA Cloud PKI Certificate Created Successfully page displaying the new certificate PEM content

How To Create a CSR in Linux/Mac

  1. Copy the command generated by EZCA. EZCA Cloud PKI Create CSR Request dialog with Linux/Mac selected and OpenSSL command to copy Sample command: 
    openssl req -new -newkey rsa:4096  -keyout certificate.key -out certificate.csr -subj /CN=ezssh.io
  2. Paste the command into Terminal and press enter. Mac terminal running OpenSSL command to generate a private key and CSR file
  3. Enter a strong pass phrase to encrypt the private key that the computer is generating (You will need this pass phrase to use the certificate)
  4. In the same terminal window enter: 
    cat certificate.csr
    this will print the Certificate Signing Request into the terminal. Mac terminal displaying the CSR PEM content output from the cat certificate.csr command
  5. Copy the output including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—–
  6. Paste it into EZCA under the “Enter CSR Body” section. EZCA Cloud PKI certificate form with CSR PEM content pasted into the Enter CSR Body field
  7. Click the “Request Certificate” button at the top right of the form. Create Certificate
  8. Your Certificate has been created successfully Create Certificate
  9. Next Steps: How To Install SSL Certificate