How To Create an SSL Certificate in Windows, Mac, or Linux

Prerequisites

  1. Register Domain

Overview

This page guides you through how to create a certificate signing request (CSR) on your Windows, Mac, or Linux PC and sending it to EZCA to create a TLS Certificate.

How To Request a Certificate

  1. Navigate to https://portal.ezca.io/
  2. Navigate to Domains. View my domains View my domains
  3. Click the “Request Certificate” button on the domain you want to request a certificate for. Request X509 Certificate for internal domain Request X509 Certificate for internal domain
  4. This will pre-populate the Subject Name and Subject Alternate Names with the selected domain. Create TLS Certificate Create TLS Certificate
  5. If this certificate requires more subject alternate names (Usually for other domains that might use this certificate), add them in the DNS Names section.
  6. By Default, EZCA will request the certificate to be the maximum validity allowed by your administrators. If you want to decrease the lifetime of the certificate, adjust the validity slider. Set SSL Certificate validity period Set SSL Certificate validity period
  7. Make sure the “Import CSR” Option is Selected. how to create CSR for EZCA how to create CSR for EZCA
  8. Click the “How to create a CSR Locally” Link. Learn how to create CSR in Windows, Mac or Linux Learn how to create CSR in Windows, Mac or Linux
  9. Select your Operating System Create Certificate Create Certificate

How To Create CSR in Windows

  1. Download the .inf file Download the inf file to create your certificate signing request Download the inf file to create your certificate signing request

  2. open cmd.exe

    Note

    If ‘MachineKeySet’ is set to true (this will save the certificate in the machine store vs the user store), the following steps must be done running as administrator.

  3. Navigate to your downloads folder and run the following command where INFFILENAME is the file name you just downloaded and CSRFILENAME is the file where you want the certificate signing request to be saved:

    certreq.exe -new <INFFILENAME>.inf <CSRFILENAME>.csr

    How to Create Certificate Signing Request Windows CMD How to Create Certificate Signing Request Windows CMD

  4. Go Back to the EZCA portal.

  5. Close out the instructions dialog.

  6. Click on the “Upload CSR” button. Upload CSR to EZCA Upload CSR to EZCA

  7. Select the newly created CSR file Select your CSR Select your CSR

  8. Click the “Request Certificate” button at the top right of the form. How To Request Certificate from Internal PKI How To Request Certificate from Internal PKI

  9. Your Certificate has been created successfully Create Certificate Create Certificate

How To Create a CSR in Linux/Mac

  1. Copy the command generated by EZCA. Open SSL CSR Request Open SSL CSR Request Sample command: 
    openssl req -new -newkey rsa:4096  -keyout certificate.key -out certificate.csr -subj /CN=ezssh.io
  2. Paste the command into Terminal and press enter. Create CSR Mac Create CSR Mac
  3. Enter a strong pass phrase to encrypt the private key that the computer is generating (You will need this pass phrase to use the certificate)
  4. In the same terminal window enter: 
    cat certificate.csr
    this will print the Certificate Signing Request into the terminal. Create CSR Mac Create CSR Mac
  5. Copy the output including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—–
  6. Paste it into EZCA under the “Enter CSR Body” section. Create CSR Mac Create CSR Mac
  7. Click the “Request Certificate” button at the top right of the form. Create Certificate Create Certificate
  8. Your Certificate has been created successfully Create Certificate Create Certificate
  9. Next Steps: How To Install SSL Certificate