To generate a certificate signing request with Secure Hash Algorithm 256 (SHA256) or key sizes larger than 3072-bit, follow the procedure below.
Note: OpenSSL is required to generate a certificate signing request. This tool is available at https://www.openssl.org/).
Run the following command to generate a certificate signing request:
openssl req -nodes -sha256 -newkey rsa:4096 -keyout Private.key -out CertificateRequest.csr
This example command is generating a 4096-bit key with SHA256.
A Private.key should be stored in a safe place. After the signed certificate is received back from the Certificate Authority, you will need this file to import the device certificate to the Pulse Connect Secure device. You must provide the
CertificateRequest.csr file to your Certificate Authority to enroll for a device certificate. After approval, you will receive a signed certificate.
Note: If PCS is running 8.2R3 or below, above steps are required to generate a certificate signing request (CSR) with SHA256 or key sizes larger than 2048-bit. 3072-bit key length is supported from PCS OS 8.2R4 & above