# Using a Third-Party Trusted Certificate Authority ## **Generate a CSR** To obtain a certificate from a third-party CA, you need to generate a certificate signing request (CSR) as described below. In the RAS Console, navigate to **Farm** / **Site** / **Certificates**. Click **Tasks** > **Generate a certificate request**. In the dialog that opens, specify the following options: * **Name:** Type a name for this certificate. This field is mandatory. * **Description**: An optional description. * **Usage**: Specify whether the certificate should be used for RAS Secure Gateways or HALB, or both. This selection is mandatory. * **Key size:** The certificate key size, in bits. Here you can select from the predefine values. The default is 2048 bit, which is the minimum required length according to current industry standards. * **Country code**: Select your country. * **Expire in**: The certificate expiration date. * **Full state or province:** Your state or province info. * **City:** City name. * **Organization:** The name of your organization. * **Organization unit:** Organizational unit. * **E-mail:** Your email address. This field is mandatory. * **Common name:** The Common Name (CN), also known as the Fully Qualified Domain Name (FQDN). This field is mandatory. After entering the information, click **Generate**. Another dialog will open displaying the request. Copy and paste the request into a text editor and save the file for your records. The dialog also allows you to import a public key at this time. You can submit the request to a certificate authority now, obtain the public key, and import it without closing the dialog, or you can do it later. If you close the dialog, the certificate will appear in the RAS Console with the **Status** column indicating **Requested**. To submit the request to a certificate authority and import a public key: 1. If the certificate request **Properties** dialog is closed, open it by right-clicking a certificate and choosing **Properties**. In the dialog, select the **Request** tab. 2. Copy the request and paste it into the certificate authority web page (or email it, in which case you will need to come back to this dialog later). 3. Obtain the certificate file from the certificate authority. 4. Click the **Import public key** button and finalize the certificate registration by specifying the key file and the certificate file. ## **Import the certificate** You know need to import the certificate into Parallels RAS. To do so, on the **Certificates** tab, click **Tasks** > **Import certificate**. In the dialog that opens, specify the following: * **Name:** Type a name for the certificate. * **Description:** An optional description. * **Private key file:** Specify a file containing the private key. Click the **\[...]** button to browse for the file. * **Certificate file:** When you specify a private key file (above) and have a matching certificate file, it will be inserted in this field automatically. Otherwise, specify a certificate file. * **Usage:** Specify whether the certificate will be used for RAS Secure Gateways or HALB, or both. Click **OK** when done. The certificate will appear in the list in the RAS Console with the **Status** column indicating **Imported**. To view the certificate info, right-click it and choose **Properties**. In the dialog that opens, examine the properties and then click the **View certificate info** button to view the certificate trust information, details, certification path and the certificate status. You can also view the certificate info by right-clicking it and choosing **View certificate info**. For imported certificates, the **Properties** dialog has an additional tab **Intermediate**. If the original certificate included an intermediate certificate (in addition to the root certificate), it will be displayed here. You can paste a different intermediate certificate here if you wish. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.parallels.com/landing/ras-reference-architecture/v20/port-reference-and-ssl-certificates/ssl-certificates/using-a-third-party-trusted-certificate-authority.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.