Note: Do not send more than one CSR to a CA at one time. Doing so may result in duplicate charges. You may view details of any pending requests that you previously submitted by clicking the Certificate Signing Request Details link in the Device Certificates tab.
To create a certificate signing request:
- In the admin console, choose System > Configuration > Certificates > Device Certificates.
- Click New CSR.

- Enter the required information and click Create CSR.

Note: Generating a 2048-bit CSR on a FIPS hardware device (such as the PCS6500 FIPS appliance) may take up to 10 minutes. Due to the nature of the FIPS hardware security module (HSM), access to the device is interrupted during the CSR generation. Pulse Secure recommends that CSR generation be performed during a maintenance window.
- Follow the instructions on-screen, which explain what information to send to the CA and how to send it. Under Step 1, certificate signing request is provided text box below.

- When you receive the signed certificate from the CA, import the certificate file using the instructions under Step 2.

Note: When submitting a CSR to a CA authority, you may be asked to specify either the type of Web server on which the certificate was created or the type of Web server the certificate is for. Select Apache (if more than one option with apache is available, choose any). Also, if prompted for the certificate format to download, select the standard format.
Importing a Signed Certificate Created From a CSRTo import a signed device certificate created from a CSR:
- In the admin console, choose System > Configuration > Certificates > Device Certificates.
- Under Certificate Signing Requests, click the Pending CSR link that corresponds to the signed certificate.

- Under Import signed certificate, browse to the certificate file you received from the CA and then click Import to add the new certificate to the device certificate list.

- From the device certificate list, click on the certificate you are replacing and remove the certificate from any ports that it is applied to and click Save Changes.
In this example, the current device certificate is only bound to the internal port.


- Click on the new certificate and reapply it to the relevant port.


- Once the certificate is no longer in use by any ports, it can be deleted from the device certificate list by placing a check in the box next to the certificate and clicking "Delete".