Creating a Certificate Signing Request (CSR)
How do I create a CSR to be signed by an internal certificate authority (CA)?
You want help creating a Certificate Signing Request

To create an SSL certificate on the ProxySG to be signed by an internal Certificate Authority, you must first configure a Certificate Signing Request keyring by performing the following steps:

1. Go to Management Console > Configuration Tab > SSL > Keyrings
2. Click the Create button
3. Type a name in the Keyring Name field (ex: CA_Cert)
4. Click OK (if you leave the default setting of "Do not Show Key Pair" you will not be able to copy this keyring to a new device if you should need to in the future)
5. Click Apply (you will then receive a message stating that changes were committed)
6. Click OK
7. Select the newly created keyring from the list of Keyrings
8. Click the Edit/View button
9. Make sure that your new keyring is selected from the Keyring drop-down
10. Click the Create button in the Certificate Signing Request section
11. Enter all the information associated with your company in the Create Certificate dialog box (in the Common Name field enter the IP address of the ProxySG; in the Challenge field, you may type anything you want, ex: 123456)
12. Click OK
13. Click Close
14. Click on Apply (you will then receive a message stating that changes were committed)
15. Click OK
16. Click Edit/View
17. Copy the certificate from Certificate Signing Request section
18. Send the certificate signing request to the internal Certificate Authority to have it signed

For steps on how to proceed once you have the the CSR signed by your internal CA, please go to

Configure the SSL proxy on the ProxySG for transparent interception and authentication using an SSL certificate issued from a Microsoft PKI server
How to set up Transparent SSL Forward Proxy with Authentication
How to set up Explicit SSL Forward Proxy with Authentication