Follow this method when you need to install a device certificate on multiple Q-SYS Core processors and the CA does not have any specific requirements for the request.
Complete the CSR Form
General
- Country (C): From the menu, select the country in which this Core is located.
- Common Name (CN): This is prepopulated with the name of the Core as specified in Core Manager > Network Settings. Unless you intend to change the name of the Core after the certificate is generated, leave this as-is. Note that if you change the Common Name from the default, you must also change it in the DNS Names field.
- Optionally specify the Core's State or Province (ST), Locality (L), Organization (O), and Organizational Unit (OU). (Some of these fields might be prepopulated based on the detected location.)
- Optionally specify a contact Email address.
IP Addresses
RSA Key Size
Select a key size for the certificate: 2048, 3072, or 4096. Your CA can provide guidance for this based on organization security requirements.
Additional
- In the Challenge Password field, optionally create a challenge password for the request, which can prevent interception of the CSR by a 3rd-party. Some CAs may require this.
- Leave CA:TRUE unselected.
Generate the CSR for the First Core
- Click Generate CSR.
- Copy the CSR content to a .txt file named Core-Name-CSR.txt and save the text file to an accessible location.
- Send the CSR file to the CA.
Upload the CSR as a Template for the Next Core
On another Q-SYS Core processor:
- From the Certificates > Generate CSR tab, click Upload CSR as Template.
- Select and open the CSR text file you created previously.
Update Core-specific Details
The CSR form fields pre-populate with the required information.
Verify that the Common Name (CN), IP Addresses, and DNS Names are all correct for this Q-SYS Core processor. If there are any changes required, modify those fields now.
Generate the CSR
- Click Generate CSR.
- Copy the CSR content to a .txt file named Core-Name-CSR.txt and save the text file to an accessible location.
- Send the CSR file to the CA.
Sign the CSR and Generate the Certificate
The CA generates a signed certificate in a similar format and sends it back to you. This could be in the body of an email or a simple .txt file.
Install the Certificate
- Click the Device Certificate tab.
- Click Install Certificate.
- Paste the certificate text or click Upload Certificate to select a text file to upload.
- Click Install.
Note: Only one certificate can be installed at a time.
Reboot
From the Utilities page, reboot the Q-SYS Core processor for the certificate to take effect.
After the Core reboots, the signed certificate will be active. You may need to clear your browser cache so that the HTTPS connection to the Core's IP address is reestablished using the new certificate.
CAUTION: The installed certificate is destroyed during a Core factory reset.