Requisitions

After registering the necessary information to use the module, you can request certificates. The requests are essential so that senhasegura understands which type of certificate you want and which authority must sign them.

Every request includes a CSR (Certificate signing request), which contains essential information for the Certificate Authority to generate the certificate. This information consists of the public key, and a signature of the request made with the private key corresponding to the public key. In addition, it is necessary to provide other information to identify the applicant.

Request requisitions

To manually create a requisition, navigate to Certificate Manager➔Certificates➔Requests.

In the upper-right corner, click the (⁝) View Actions icon and select New.

1. Under the General tab, choose the Certificate type you want:

• DV SSL: domain verification and validation.
• OV SSL: verification and validation of name, documentation, and physical address.
• EV SSL: complete verification and validation of the domain, name, registration, physical address, and current operations, among others.

2. Then choose the Domain type: single, multiple, or wildcard.

3. In Organization, select the desired option and Add.

4. The Common name is important for identification in the system. It makes it easy to find the certificate that needs to be signed by a particular authority or published on a specific device. Write names that are relevant to module users.

5. In Expirations (in days), define the desired period for the certificate to remain valid.

6. Under SAN (Subject Alternative Name), add all the hostnames you want to secure with this certificate.

7. Add Tags to help find the request.

8. Choose the Encryption algorithm you want for the certificate. Remember to choose the appropriate algorithm for your organization's security criteria.

9. Select the Encryption key size.

10. Set the Certificate signing algorithm. This algorithm is used to sign the certificate through the certificate authority.

11. To ensure security, you can set a password for viewing the certificate in the Store password field. The action is not mandatory.

12. In a certificate revocation scenario, senhasegura presents the registered Revocation password to the Certification Authority (CA) and validates the annulment.

13. Save.

Additional Settings tab

Tab with informational fields for our system. This information doesn't have much impact on the CA, but it helps to identify the certificate within senhasegura.

• Project: identify the project name of the certificate in the request.
• External IP: inform the external IP of the certificate in the request.
• IP or hostname: inform the IP or hostname of the certificate in the request.
• Reason: inform the justification for requesting a requisition (up to 1024 characters).
• Description: describe the request (up to 512 characters).
• Enable signature detailed log: specific log that works only for Microsoft CA.

Signature settings

This item serves to predefine a standard signature for the certificate. You can change the pre-established configuration at the time of subscription.

• Self-signed?: select Yes if you want the certificate to be signed by a device you recognize and trust.
• Choose CA: if you selected No in the option above, choose the CA that will sign the certificate.

Responsible for the request

Select the person responsible for the request and the certificate. Must be a user registered in senhasegura.

Environment tab

Select the environment to which the certificate will be applied.

System tab

Select the system to which the certificate will be applied.

Import requisitions

If a requisition is already ready, it is possible to import it so that senhasegura can process and generate the certificate.

To import a requisition:

1. In the upper-right corner, click the (⁝) View Actions icon and select Import request.

2. Select the .CSR file and the .Key file.

3. At Key password, enter the certificate key password.

4. In a certificate revocation scenario, senhasegura presents the registered Revocation password to the Certification Authority (CA) and validates the annulment.

5. Choose the Certificate signing algorithm. This algorithm will be used to sign the certificate through the certificate authority.

6. Choose the Certificate type you want to obtain:

• DV SSL: domain verification and validation.
• OV SSL: verification and validation of name, documentation, and physical address.
• EV SSL: complete verification and validation of the domain, name, registration, physical address, and current operations, among others.

7. Then, choose the Domain type: single, multiple, or wildcard.

8. In Organization, select the desired option and Add.

9. Save.

Other actions

In the Action column, by clicking on the icon (⁝), you will also find the options:

Clone request: select if you want to copy all data from the existing requisition. Useful for cases where you only need to update the certificate validity.

View request: select to view your request information.

Edit: this option is visible only if the request still needs to be signed. Select to change any required information.

Cancel request: this option is visible only if the request still needs to be signed. Select if you want to cancel the request.

Validation guidelines:  this option is visible only if there was an error when signing the request. Select if you need help figuring out why the request didn't work.