Knowledge Base
Generate a CSR and Install a Certificate in Microsoft Azure Key Vault
-
Select Key Vault.
Sign in to the Azure portal and select the key vault where you wish to install your certificate.
-
Open certificate settings.
Select Certificates in the right-hand Settings menu.
-
Begin CSR generation.
Click the Generate/Import button to open the Create a certificate window.
-
Enter certificate details.
Enter or select the following details in the Create a certificate form fields:
• Method of Certificate Creation: select Generate
• Certificate Name: Enter a unique name for your certificate
• Type of Certificate Authority (CA): Select a Certificate issued by a non-integrated CA
• Subject: Enter the X.500 Distinguished Name for your certificate. For an SSL/TLS certificate, this would be something like CN=example.com.
• DNS Names: Add any additional domain names that should be added to an SSL/TLS certificate (e.g. secure.example.com, etc.).
• Validity Period: You can leave this at the default setting of 12 months. Your issued certificate will be based on your order, not the CSR.
• Content-Type: select PEM
• Lifetime Action Type: Here you can configure Azure to send email alerts at a certain percentage of the certificate lifetime or days before expiry.
-
Advanced Policy Configuration
Click Advanced Policy Configuration to set the key size, type, and policies for key reuse and exportability. If you want to generate an HSM-protected key, set Exportable Private Key to No and choose RSA-HSM or EC-HSM. For certificates issued by SSL.com, you can leave Extended Key Usages (EKUs) and X.509 Key Usage Flags and Enable Certificate Transparency at their default values, and Certificate Type blank. When you are finished setting the Advanced Policy Configuration, click the OK button.
-
Generate CSR.
Click the Create button to generate your new key pair and CSR.
-
Select certificate.
Locate your certificate in the list of in progress, failed or cancelled certificates and click it.
-
Click Certificate Operation.
Click the Certificate Operation button.
-
Download CSR.
Click the Download CSR button and download your CSR file.
-
Open CSR.
Open your CSR in a text editor so you can copy and paste it when ordering.
-
Order and retrieve the certificate.
Order the certificate (or reprocess an existing order). When ordering or generating your certificate, use the CSR you downloaded from Azure.
-
Select the certificate in the Key Vault.
Return to Key Vault and select your certificate’s name in the Certificates settings.
-
Click Certificate Operation.
Click the Certificate Operation button.
-
Merge Signed Request.
Click the Merge Signed Request button and navigate to the certificate you downloaded from SSL.com.
-
Certificate merged.
You should see notifications that your certificate request has been successfully merged.
-
Finished!
Your signed certificate is now installed in the Key Vault and ready to use.
For further assistance or troubleshooting, you can refer to Sectigo’s official Knowledge Base or contact support.
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
