Certificate Signing Request

NOTE: This feature is only available with Hermes SEG Pro License.

In this section, you can generate a Certificate Signing Request (CSR) that you can send to a Certificate Authority (CA) in order to generate a certificate. In addition to the CSR, Hermes SEG will also create the associated private key.

  1. Under the Country Name field, enter the two letter code of the country, for instance for United States enter US.
  2. Under the State or Province Name field, enter the full name of the state or province, e.g., Texas.
  3. Under the Locality Name field, enter the full name of the locality or city, e.g., Houston.
  4. Under the Organization Name field, enter the name of the organization or company, e.g., Widgets, Inc.
  5. Under the Organizational Unit Name field, enter the Organization Unit or department, e.g., IT Department.
  6. Under the Common Name field, enter the domain you want to secure. For example, if you want to secure www.domain.tld, you would simply enter domain.tld. Common names should not include http or https or www. Alternatively, if you want to secure the domain secure.domain.tld, you would simply enter secure.domain.tld. If you want to create a wildcard certificate CSR for the domain domain.tld, you would simply enter *.domain.tld.
  7. Under the Certificate Encryption Length field,  select the appropriate length (4096-bits is recommended).
  8. Under the Secure Hash Algorithm field, select the appropriate hash (SHA-512 is recommended). Note, that this particular setting may NOT be respected by the issuing CA. Some CAs will default to SHA-256.
  9. Click the Create Certificate Request button (Figure 1).

Figure 1

image-1606158510715.png

  1. After you click the Create Certificate Request button, the system will generate a .RAR archive file containing the CSR, the associated private key and it will provide a link on the bottom of the page to download the file (Figure 2).

Figure 2

image-1606158522153.png

Figure 3

image-1606158535472.png

  1. Extact the archive to a directory of your choice. The extracted contents will be two files, one will be the CSR named XXXXXXXX.csr.txt and the other one will be the private key named XXXXXXXX.key.txt where XXXXXX is a random system generated name (Figure 4).

Figure 4

image-1606158546105.png

  1. Ensure you keep the private key file in a safe place, and submit ONLY the contents of the CSR file to the Certificate Authority of your choice. Once the CA generates a certificate, you are going to need the private key to go along with the certificate.