Manually uploading the CSR
If you are managing a certificate under Enrollment or Provisioning, you have the option of manually generating the CSR, then uploading it to the Trust Protection Platform database so Trust Protection Platform can complete the enrollment process with the appropriate CA.
If the CSR is provided by a user, you might also want to upload the private key so it is archived in the Trust Protection Platform database. Trust Protection Platform must have a copy of the certificate’s private key to provision certificates and key pairs. For more information, see Manually Uploading the Private Key.
DID YOU KNOW? Why can't I specify SANs on my user-provided CSR?
Today, you can specify SANs on your CSR, but only if the CSR has no embedded SANs. Not all CAs support adding additional SANs (additive SANs); so to allow maximum compatibility across many CAs, Trust Protection Platform prevents the use of additive SANs.
To manually upload a CSR
-
From the Platform menu bar, click Policy Tree.
You must have View and Write permissions to the Certificate object.
- In the Policy tree, select the Certificate object whose certificate file you want to import.
- Click the Certificate > Settings tab.
- Click Upload CSR.
-
Do one of the following:
- Paste the Base64-encoded CSR into the Paste window.
- Click Browse to navigate the Directory structure, then upload a Base64 Binary-encoded CSR into Policy Tree.
-
Click Upload.
If Service Generated CSR is selected in the Certificate object configuration, then the uploaded CSR values are added only to the unlocked SubjectDN fields that are editable. No check is made to ensure that the values adhere to the Policy.
If User Provided CSR is selected in the Certificate object configuration, then the uploaded CSR values must adhere to the Policy before they are applied to the Certificate object. If they do adhere to Policy, they are added to the certificate and stored in the Trust Protection Platform database when the Certificate object is saved.
-
The uploaded CSR is securely stored in the Trust Protection Platform database and is used to renew the certificate.
- When finished, click Apply/Save.