How to generate and use a CSR in the SBR 6 Admin GUI
- Launch the SBR 6 Admin via the appropriate URL.
- Navigate to the Authentication Policies section and expand it. Select Certificates
- Click Create.
- Fill in the fields. Some fields are optional, but recommended. Password is required
Currently the CSR fields have the following restrictions:
- Password For Private Key Field is limited to 7 characters
- Other fields "comma" is not allowed.
Violation to the above restriction will cause an UNEXPECTED ERROR.
- Click OK.
- You will be prompted to save the certificate request to a text file.
- Once the file is saved, you will see the dialog below.
- Click OK
- You will be prompted to save the keystore. This is the private key for the server certificate.
- Once you have done this, open the certificate request text file created in step 6. Select ALL of the text (including the Begin and End lines and copy it to the clipboard.
- Next, navigate to your local certificate authority to submit the certificate request.
- In this example, we are using a Microsoft Windows 2003 Certificate Authority. Click Request a Certificate
- Click Advanced Certificate Request
- Click "Submit a certificate request by using… ".
- A form is displayed. Paste the contents of the certificate request text file created in step 6. On some CA implementations, you may have an option to select a certificate template. Choose either Web Server or Server Authentication
- Click Submit.
- Depending on how your CA is setup, you may need the CA Administrator to manually issue your certificate by logging into the Certificate Authority console. The CA can also be configured to automatically issue the certificate. Either way, once the certificate has been issued, navigate back to the main page of the CA. Click View the status of a pending certificate request
- Click on the certificate entry that corresponds to your request.
- Click Download Certificate
- Click Save to save the certificate.
- Back in the SBR Admin tool, click Add.
- Select the certificate you saved in step 20.
- Once you click OK, you will be prompted for the private keystore file.
- Select the file we created back in step 9.
- Provide the password you entered from step 4.
- Click OK
- You are done. Your display should now be updated to reflect your new certificate.
- If you wish to backup the newly created certificate, it is located in
C:\Program Files\Juniper Networks\Steel-Belted Radius\Service\ROOT (default location).