SearchSupportDocsFree trial
Contact us

Knowledge Base

Knowledge BaseCertificate Signing Request (CSR)

Generate a CSR and Install a Certificate in Microsoft Azure Key Vault 

Updated on November 12, 2025
 
 

  1. Select Key Vault. 

Sign in to the Azure portal and select the key vault where you wish to install your certificate. 
Select key vault 

  1. Open certificate settings. 

Select Certificates in the right-hand Settings menu. 
Certificates link 

  1. Begin CSR generation. 

Click the Generate/Import button to open the Create a certificate window. 
Generate/Import 

 

 

  1. Enter certificate details. 

Enter or select the following details in the Create a certificate form fields: 
 
• Method of Certificate Creation: select Generate 
• Certificate Name: Enter a unique name for your certificate 
• Type of Certificate Authority (CA): Select a Certificate issued by a non-integrated CA 
• Subject: Enter the X.500 Distinguished Name for your certificate. For an SSL/TLS certificate, this would be something like CN=example.com.
• DNS Names: Add any additional domain names that should be added to an SSL/TLS certificate (e.g. secure.example.com, etc.). 
• Validity Period: You can leave this at the default setting of 12 months. Your issued certificate will be based on your order, not the CSR. 
• Content-Type: select PEM 
• Lifetime Action Type: Here you can configure Azure to send email alerts at a certain percentage of the certificate lifetime or days before expiry. 
 
enter certificate details 

 

  1. Advanced Policy Configuration 

Click Advanced Policy Configuration to set the key size, type, and policies for key reuse and exportability. If you want to generate an HSM-protected key, set Exportable Private Key to No and choose RSA-HSM or EC-HSM. For certificates issued by SSL.com, you can leave Extended Key Usages (EKUs) and X.509 Key Usage Flags and Enable Certificate Transparency at their default values, and Certificate Type blank. When you are finished setting the Advanced Policy Configuration, click the OK button. 
Advanced Policy Configuration

 

  1. Generate CSR. 

Click the Create button to generate your new key pair and CSR. 
Click create button 

  1. Select certificate. 

Locate your certificate in the list of in progress, failed or cancelled certificates and click it. 
 
Select certificate 

  1. Click Certificate Operation. 

Click the Certificate Operation button. 
Certificate Operation 

  1. Download CSR. 

Click the Download CSR button and download your CSR file. 
Download CSR

 

  1. Open CSR. 

Open your CSR in a text editor so you can copy and paste it when ordering. 
CSR in text file 

  1. Order and retrieve the certificate. 

Order the certificate (or reprocess an existing order). When ordering or generating your certificate, use the CSR you downloaded from Azure. 
Paste CSR into form

 

 

  1. Select the certificate in the Key Vault. 

Return to Key Vault and select your certificate’s name in the Certificates settings. 
Select certificate 

  1. Click Certificate Operation. 

Click the Certificate Operation button. 
Certificate Operation 

  1. Merge Signed Request. 

Click the Merge Signed Request button and navigate to the certificate you downloaded from SSL.com. 
Merge Signed Request

 

 

  1. Certificate merged. 

You should see notifications that your certificate request has been successfully merged. 
 
certificate request successfully merged 

  1. Finished! 

Your signed certificate is now installed in the Key Vault and ready to use. 
Certificate installed 

 

For further assistance or troubleshooting, you can refer to Sectigo’s official Knowledge Base or contact support. 

Need assistance?

Contact our team for help with your purchase or issuing your certificate.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources