Okay, so today I wanted to mess around with generating a CSR, you know, a Certificate Signing Request, using Avi. It’s not something I do every day, but I figured it’d be a good thing to document, just in case I need it again or someone else finds it useful. So, here’s how it went down.
First off, I logged into the Avi Controller. Just the usual stuff, you know, username, password, the whole shebang. Once I was in, I needed to find where the CSR creation stuff lived. I poked around a bit and found it under the Templates section. From there, I clicked on Security and then SSL/TLS Certificates. There it was, a big shiny button that said Create. I clicked it and selected Application Certificate.
Now, this is where it got a bit more involved. I had to fill out a form with all sorts of details. The Name field was easy enough, just something descriptive so I’d know what it was for later. Then came the Common Name, which is basically the domain name you want the certificate for. I typed that in carefully, making sure there were no typos.
Next up was the Organization Unit, Organization Name, Locality, State or Province, and Country. This is all standard stuff for a CSR, just your basic contact info. I filled in all my details, double-checked everything, and then moved on to the Subject Alternate Name (SAN). This is where you can add extra domains or IP addresses that the certificate should cover. I added a couple of those, just to be safe.
After that, I had to choose the Algorithm. I went with RSA, pretty much the standard these days. Then there was the Key Size. I bumped it up to 2048 bits for some extra security. Better safe than sorry, right?
Once all that was filled out, I scrolled down and hit the Save button. Boom, the Avi Controller started doing its thing, generating the CSR. It took a few seconds, and then I saw a new entry in the list of certificates, but it was marked as incomplete. That’s because it’s just the request, not the actual signed certificate yet.
So, the next step was to download the CSR. I clicked on the little download icon next to the new entry, and it gave me a file with a bunch of encoded text. This is the CSR that I needed to send to a Certificate Authority (CA) to get it signed. I copied that text and saved it to a file on my computer.
Getting the CSR Signed
With the CSR in hand, it was time to get it signed. This part is not done on the Avi itself. You got to get the CSR from your Avi to a CA. After that, they give you the signed certificate, you upload it back on Avi.
- I copied the CSR.
- I went to the CA’s website.
- I found the section for submitting a CSR.
- I pasted my CSR into the form.
- I paid for the certificate, because they don’t do it for free.
- I completed the rest of the steps on the CA’s website.
After a little while, I received the signed certificate from the CA. They usually send it to you via email, or you can download it from their website.
Uploading the Signed Certificate
Once I had the signed certificate, I went back to the Avi Controller. I found the same incomplete certificate entry from before, and this time, instead of downloading, I clicked on the option to upload the signed certificate. I selected the file I got from the CA and uploaded it.
And that was it! The Avi Controller processed the signed certificate, and the entry in the list changed from incomplete to complete. Now I had a fully functional, signed SSL/TLS certificate ready to use for my applications. Pretty neat, huh?
So, yeah, that’s how I generated a CSR using Avi. It wasn’t too complicated, just a bunch of steps you gotta follow. Hopefully, this little walkthrough helps someone else out there who’s trying to do the same thing.
