Reset Search



KB40946 - How to generate a private key and certificate signing request (CSR) for a new or renewal certificate for Pulse One (On-Premise)?

« Go Back


Last Modified Date8/2/2018 10:44 PM
This article describes the step-by-step instructions how to generate a private key and CSR for a new or renewal certificate for Pulse One (On-Premise).
Problem or Goal

Install OpenSSL

OpenSSL is a common package that is available on all the major Linux distributions through their package installers. 

To check whether it is installed on a system, run the following command:
openssl version
If OpenSSL is already installed, the output will display the installed OpenSSL version number. If the command returns an error message or the version is older than 1.0.0, refer to the commands below:

Redhat / CentOS:
​​yum install openssl openssl-devel
Debian OS:
apt-get install openssl

Generate private (RSA) key

To generate a private key, run the following command:
openssl genrsa –out private.key 2048
The content of this file will be used in Pulse One setup. Keep it in a safe location.

Generate CSR for a wildcard certificate or SAN certificate

Important! Pulse One requires wildcard certificate CSR or SAN certificate CSR.

To generate a CSR for a wildcard certificate, run the following command:
openssl req -new -sha256 -key private.key -out request.csr

When prompted, enter the necessary information. In the Common Name field, ensure to prefix your domain name with an asterisk, for example: *

For generating a SAN certificate, use Pulse One FQDN as the common name and API and UI DNS names as Subject Alternative Names. For details on required Pulse One DNS entries, see “Pulse One Getting Started Guide”. DNS requirements are explained in “First Time Setup” section.

To generate CSR for SAN certificate, create a configuration file called “”. The following example shows the content of file. Please replace with your assigned Pulse One domain name (in BOLD).
distinguished_name = req_distinguished_name 
req_extensions = req_ext 
prompt = no
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName =
[ req_ext ]
subjectAltName = @alt_names
DNS.1 =
DNS.2 =

After the “” file is created and saved, run following command:
openssl req -new -sha256 -key private.key -out request.csr –config

Verify your CSR

openssl req -noout -text –in request.csr
Confirm if the common name and subject alternative names are correct. Once completed, submit the CSR file to a certificate authority. For installation instructions, refer to Pulse One Getting Started Guide.

Note: Customers are recommended to generate a new private key and CSR when renewing their existing device certificate for Pulse One (On-Premise).
Related Links
Attachment 1 
Created ByFelipe Acusa



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255