Information for: DEVELOPERS   PARTNERS

Generating a certificate signing request (CSR)

Using SSL

The first step in obtaining an SSL certificate to use with Acquia Cloud is to generate a Certificate Signing Request, or CSR. The CSR contains information about your organization and website that a Certificate Authority can use to generate the appropriate SSL certificate for your website.

You cannot generate a CSR for an Acquia default domain.

If you already have an SSL certificate, or if you choose to generate a CSR some other way (such as using the command line), you can skip this page. However, only CSRs generated using the Acquia Cloud interface are managed and displayed in the Acquia Cloud interface on the SSL page.

CSRs for Node.js applications

Certificate signing requests generated in the Acquia Cloud user interface don’t work with Node.js applications. For more information and a workaround, see this known issue.

To generate a CSR in the Acquia Cloud user interface, complete the following steps:

  1. Sign in to Acquia Cloud as a user with the necessary permissions.

  2. Select your organization, application, and environment and then, in the left menu, click SSL.

  3. On the SSL page, click Generate CSR.

    Enter information to generate a CSR

  4. On the Generate new certificate signing request page, enter the following information:

    • Country - Use the standard two-letter ISO country code for the country where your organization is located. For example, US or ZA
    • State, province, or region - Use the full state or province name, without abbreviation. For example, California, not CA, and New Brunswick, not NB
    • Locality - Use the city or town name, without abbreviation
    • Organization or company - Use the full legal name of the organization or company that owns the domain name
    • Department or organizational unit - Optional. Use the name of the department or organizational unit for the domain
    • Common name (domain name) - Enter the fully qualified domain name that visitors use to reach your website, without the http:// or https:// protocol element. For example, to secure, enter or * for a wildcard certificate
    • Subject alternative name(s) - Optional. Enter additional domain names, separated by commas, such as, Adding additional domain names will generate a CSR appropriate for a UCC (Unified Communications Certificate) SSL certificate
  5. Click Generate CSR.

Acquia Cloud generates a CSR, based on the information you provided.

Using a CSR to obtain an SSL certificate

All the CSRs that have been generated for an environment are listed on the SSL page. You need to provide the CSR in encoded format to your SSL certificate vendor in order to obtain an SSL certificate. To get the CSR in encoded format:

  1. On the SSL page, under Certificate signing requests, click View to view the CSR.

  2. On the SSL certificate signing request page, on the PEM line, click Show.

    Displaying the encoded SSR

  3. Acquia Cloud displays the encoded CSR. Copy the encoded CSR and provide it to your SSL certificate vendor in the vendor’s certificate purchase process.

Next step

After you generate and copy the CSR, use it to obtain an SSL certificate.