Create a Certificate Signing Request (CSR)

Applies To: Cloud-managed Fireboxes

Use a certificate signing request (CSR) to obtain a signed certificate from a Certificate Authority (CA).

You can generate the CSR directly from WatchGuard Cloud for your Firebox. To create a self-signed certificate, you add part of a cryptographic key pair in a CSR and send the request to a Certificate Authority (CA). The CA issues a certificate after the CA receives the CSR and verifies your identity.

To create a CSR for your account, go to Administration > Certificates. To create a CSR for your device, select your cloud-managed device and go to Device Configuration > Device Certificates.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have Account Administration permissions to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

CSRs created for your account can only be imported at account level. CSRs created for a device can only be imported at device level.

To create a CSR:

  1. Select the CSR tab.
  2. Click Create CSR.

Screen shot of the CSR tab on the Certificates page

  1. On the Specify Subject Name page, enter these certificate request details:
  2. Name (CN) — The CN (Common Name) is the fully qualified domain name of the device you want to secure, such as host.example.com.
  3. Department Name (OU) — Type the OU (Organizational Unit) that the device belongs to. For example, IT or Sales.
  4. Company Name (O) — Type the company name that the device belongs to.
  5. City/Location (L) — Type the city or location where the device is located.
  6. State/Province (ST) — Type the two-character state or province code where the device is located.
  7. Country (C) — Type the two-character country code where the device is located.

Screen shot of the Specify Subject Name page for a CSR

  1. Click Next.
  2. On the Specify Domain page, from the Type drop-down list, select the type of certificate request.

    3. Enter these details:

    • DNS Name — The DNS name of the device you want to secure, such as host.example.com.
    • Email address — The email address associated with your request.
    • IP Address — The IP address of the device you want to secure.

The IP Address text box appears when you create a CSR from the Device Certificates page.

Screen shot of the Specify Domain page for a CSR

  1. Click Next.
  2. On the Select the Encryption and Key Usage page, select the Algorithm, Key Length, and Key Usage. By default, the certificate uses RSA encryption, 3072-bit key length, and both encryption and signatures for key usage.

Screen shot of the Encryption and Key Usage page for a CSR

  1. Click Next.
    The Finish page opens.

Screen shot of the Finish page for a CSR

  1. Click Download CSR and save the file on your computer.
  2. Send this CSR to a certificate authority (CA) for signing.
  3. Click Done.
  4. Select the CSR tab to view your CSR in the list. When you receive the signed certificate, the pending CSR is removed from this list.

Next Steps

After you receive the signed certificate from the CA, you can add it to WatchGuard Cloud or a specific device. For more information, go to Add a Certificate.

Related Topics

Manage Certificates

Configure the Web Server Certificate for Firebox Authentication

Import and Install a Third-Party Web Server Certificate