Loading

Generating CSR for Dedicated Load Balancer (DLB)

게시 일자: Aug 1, 2025
과업

GOAL

Some Certificate Authority (CA) may require a CSR in order to generate a SSL certificate for your Dedicated Load Balancer (DLB). This article will explain how to obtain the CSR.
단계
We do not support generating the CSR directly from the DLB. You will need to run the following command from a Linux/Mac system.
  
openssl req -new -newkey rsa:2048 -nodes -keyout server-dev.key -out server-dev.csr

EXAMPLE:

$ openssl req -new -newkey rsa:2048 -nodes -keyout server-dev.key -out server-dev.csr
Generating a RSA private key
......................................+++++
............................................................................................+++++
writing new private key to 'server-dev.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: California
Locality Name (eg, city) []: San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]: CompanyX
Organizational Unit Name (eg, section) []: CompanyX IT
Common Name (e.g. server FQDN or YOUR name) []: api-dev.companyx.com
Email Address []: itsupport@companyx.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <blank>
An optional company name []: <blank>

$ ls -l
total 16
-rw-r--r--  1 llac  staff  1025 Jun  9 12:16 server-dev.csr
-rw-------  1 llac  staff  1704 Jun  9 12:15 server-dev.key

$ cat server-dev.csr
-----BEGIN CERTIFICATE REQUEST-----
MIICvTCCAaUCAQAZdU72EZYBILFNQ6CDaaMti2rN9Ctt
<REMOVED>
gn+RxwGz4XAPjBzp69qtCnBcOu1/0WVeRdqPYZNc5XU7
-----END CERTIFICATE REQUEST-----

$ cat server-dev.key
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAAS
<REMOVED> 
6T7V+vZPcUIAT9uwPR6RSyw=
-----END PRIVATE KEY-----

SFTP the two files out of your machine. Save the server-dev.key for uploading to the DLB's Private Key. The CSR will be used for your CA. After purchasing the new SSL certificate your CA will provide you with the intermediate cert and the root certificate. Use the following article on how to chain all 3+ cert to a single chained file. 

https://help.mulesoft.com/s/article/How-to-create-a-certificate-chain-for-a-Dedicated-Load-Balancer

NOTE: If your CA did not provide an intermediate/root cert you should be able to find it on their website to download. Check the that Common Name matches the Issuer. You can use this website to check the Common Name and Issuer.

https://www.sslshopper.com/certificate-decoder.html

api-dev.companyx.com.pem file should contain the 3 certificates. Note how they each refer to the next higher cert up the chain. The root cert are issued by itself.

Leaf Cert:
CN: api-dev.companyx.com
ISSUER: DigiCert SHA2 Secure Server CA

Intermediate Cert:
CN: DigiCert SHA2 Secure Server CA
ISSUER: DigiCert Global Root CA

Root Cert:
CN: DigiCert Global Root CA
ISSUER: DigiCert Global Root CA
Knowledge 기사 번호

001115158

 
로드 중
Salesforce Help | Article