Information for: DEVELOPERS   PARTNERS

Generating a certificate signing request (CSR)

The first step in obtaining an SSL certificate to use with Cloud Platform is to generate a Certificate Signing Request, or CSR. The CSR contains information about your organization and website that a Certificate Authority can use to generate the appropriate SSL certificate for your website.

You cannot generate a CSR for an Acquia default domain.

If you already have an SSL certificate, or if you choose to generate a CSR some other way (such as using the command line), you can skip this page. However, only CSRs generated using the Cloud Platform interface are managed and displayed in the Cloud Platform interface on the SSL page.

CSRs for Node.js applications

Certificate signing requests generated in the Cloud Platform user interface don’t work with Node.js applications. For more information and a workaround, see this known issue.

To generate a CSR in the Cloud Platform user interface, complete the following steps:

  1. Sign in to Cloud Platform as a user with the necessary permissions.

  2. Select your organization, application, and environment and then, in the left menu, click SSL.

  3. On the SSL page, click Generate CSR. The Generate certificate signing request page displays.

    Click Generate CSF

    Enter information on the Generate certificate signing request page

  4. On the Generate certificate signing request page, enter the following information:

    • Country: Use the standard two-letter ISO country code for the country where your organization is located. For example, US or ZA
    • State, province, or region: Use the full state or province name, without abbreviation. For example, California, not CA, and New Brunswick, not NB
    • Locality: Use the city or town name, without abbreviation
    • Organization or company: Use the full legal name of the organization or company that owns the domain name
    • Department or organizational unit: Use the name of the department or organizational unit for the domain
    • Common name (domain name): Enter the fully qualified domain name that visitors use to reach your website, without the http:// or https:// protocol element. For example, to secure https://www.example.com, enter www.example.com or *.example.com for a wildcard certificate
    • Subject alternative name(s): Optional. Enter additional domain names, separated by commas, such as www.example.net, www.example.org. Adding additional domain names will generate a CSR appropriate for a UCC (Unified Communications Certificate) SSL certificate
  5. Click Generate CSR.

Cloud Platform generates a CSR, based on the information you provided.

Using a CSR to obtain an SSL certificate

All the CSRs that have been generated for an environment are listed on the SSL page. You need to provide the CSR in encoded format to your SSL certificate vendor in order to obtain an SSL certificate. To get the CSR in encoded format:

  1. On the SSL page, under Certificate signing requests, click View to view the CSR.

  2. On the SSL certificate signing request page, on the PEM line, click Show.

    Displaying the encoded SSR

  3. Cloud Platform displays the encoded CSR. Copy the encoded CSR and provide it to your SSL certificate vendor in the vendor’s certificate purchase process.

Next step

After you generate and copy the CSR, use it to obtain an SSL certificate.