For more information, please see letsencrypt.org.
Create a Certificate Signing Request
When using a CA issuer other than Let's Encrypt, a certificate signing request, or CSR, must first be created. The data associated with the
CSR contains the details about your organization and BeyondTrust site, which is then submitted to your certificate authority. The CA can
then publicly certify your organization and B Series Appliance.
Certificates consist of a friendly name, key, subject name, and one or more subject alternative names. You must enter this
information in the BeyondTrust /appliance web interface to create a certificate signing request.
1. Log into the /appliance web interface of your B Series Appliance
and go to Security > Certificates.
2. Provide the following information to create your self-signed certificate:
l
Certificate Friendly Name: A descriptive title used to identify your
certificate request on the B Series Appliance Security >
Certificates page. Examples could include your primary DNS name
or the current month and year.
l
Key: Select a key size from the dropdown. Larger key sizes
normally require more processing overhead and may not be
supported by older systems. However, smaller key sizes are likely
to become obsolete or insecure sooner than larger ones. If using a
certificate authority, verify which key strengths they support.
3. Subject Name: These fields consist of the contact information for
the organization and department creating the certificate along with the name of the certificate.
l
Country: The two-character ISO 3166 country code for your organization. If you are unsure of your country code, please
visit www.iso.org/iso-3166-country-codes.html.
l
State/Province: The full state or province name of your organization, if applicable.
l
City (Locality): The city of your organization.
l
Organization: Your organization or company name.
l
Organizational Unit: The group or department within the organization managing the certificate and/or the BeyondTrust
deployment for the organization.
l
Name (Common Name): A human-readable title for your certificate. This name must be unique to differentiate the
certificate from others on the network, which could include the public internet. It is not recommended that you use your
DNS name as the common name. However, some certificate authorities may require that you do use your fully qualified
DNS name for backward compatibility. Contact your certificate authority for details.
l
Subject Alternative Names: A list of the fully qualified domain names for each DNS A-record which resolves to your B Series
Appliance (e.g., support.example.com). After entering each subject alternative name (SAN), click the Add button.
A SAN lets you protect multiple hostnames with a single SSL certificate. A DNS address could be a fully qualified domain name,
such as support.example.com, or it could be a wildcard domain name, such as *.example.com. A wildcard domain name covers
multiple subdomains, such as support.example.com, remote.example.com, and so forth. If you are going to use multiple
hostnames for your site that are not covered by a wildcard certificate, be sure to define those as additional SANs.
SALES: www.beyondtrust.com/contact
SUPPORT: www.beyondtrust.com/support
DOCUMENTATION: www.beyondtrust.com/docs
8
©2003-2024 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or
depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.
TC: 7/9/2024
REMOTE SUPPORT
SSL CERTIFICATES