How to acquire and register a Digital Certificate with Azion

Digital Certificates are essential to provide your infrastructure with reliability and compliance with data protection regulations. At Azion, you have several options to secure your domains with TLS certificates. Aside from registering a certificate and private key that you already own, you can also request a Let’s Encrypt certificate for your domain.

If you don’t own a certificate, you can issue a request through Azion and submit it to a certificate authority. This guide will describe how you can generate a Certificate Singing Request (CSR) through Azion.

A CSR is an encrypted request to a Certificate Authority (CA) for issuance of a digital certificate. You can provide Azion with your business details to automatically generate the CSR for you. After it’s created, you can submit it to any CA of your choosing. They’ll review your request and, if approved, issue an authenticated certificate. You then use the certificate provided by the CA to register it with Azion and associate it with a domain.

Step 1. Create a Certificate Singing Request (CSR)

Section titled Step 1. Create a Certificate Singing Request (CSR)

Via Azion Console

Section titled Via Azion Console
  1. Access Azion Console > Digital Certificates.
  2. Click the Add certificate button.
  3. In the dropdown, select Edge Certificate.
  4. Give your CSR an easy-to-remember name.
  5. Select the option Generate CSR and private key with Azion.
  6. Fill in the requested information.
  • Common Name: the apex domain address that will be bound to the certificate. Example: domain.org.
  • Country/Region: the two-letter country code of where your organization is based. Example: BR for Brazil.
  • State/Province: the state or province where your organization is based. Example: Distrito Federal.
  • City/Locality: the city or county where your organization is based. Example: Brasília.
  • Organization: your organization’s name. Example: Company Name Inc.
  • Organization Unit: the department or body responsible for managing the certificate. Example: IT Department.
  • Email: the email of the body responsible for managing the certificate. Example: it@companyinc.org.
  • Private Key Type: the type of private key generated. Azion currently only works with RSA 2048 encryption.
  • Subject Alternative Names (SAN): list of other names or records to be associated with the certificate as SANs. Separate each SAN by a new line. Example: domain.net.
  1. Click the Save button.
  2. Copy the value in the Certificate Singing Request (CSR) field.

Via API

Section titled Via API
  1. Run the following POST request in your terminal, replacing [TOKEN VALUE] with your personal token and the placeholders in the body with the desired values:
Terminal window
curl --location 'https://api.azionapi.net/digital_certificates/csr' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token {{[TOKEN VALUE]}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "New CSR",
    "common_name": "domain.net",
    "country": "US",
    "state": "Washington",
    "locality": "Seattle",
    "organization": "Example",
    "organization_unity": "IT",
    "email": "itdepartment@example.com",
    "private_key_type": "rsa_2048",
    "sans": [
        "www.domain.net",
        "mail.domain.net",
        "support.domain.net"
    ]
}'
KeyDescription
nameName of the CSR
common_nameAccepts a string that should contain the apex domain address that’ll be bound to the certificate
countryAccepts a two-character string that should contain the country code of where your organization is based
stateAccepts a string that should contain the state or province where your organization is based
localityAccepts a string that should contain the city or county where your organization is based
organizationAccepts a string that should contain your organization’s name
organization unitAccepts a string that should contain the department or body responsible for managing the certificate
emailAccepts a string that should contain the email of the body responsible for managing the certificate
private_key_typeEnum that should contain the type of private key generated. Accepts only the value rsa_2048
sansAccepts an array. List of other names or records to be associated with the certificate as SANs. Optional
  1. You’ll receive a response similar to this:
{
    "results": {
        "id": <digital_certificate_id>,
        "name": "New CSR",
        "issuer": null,
        "subject_name": [],
        "validity": null,
        "status": "Pending",
        "certificate_type": "edge_certificate",
        "managed": false,
        "azion_information": "",
        "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDGTCCAgECAQAwgdMxEDAOBgNVBAoMB0V4YW1wbGUxCzAJBgNVBAsMAklUMRQw\nEgYDVQQDDAtleGFtcGxlOp5ldDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp\nbmd0b24xEDAOBgNVBAcMB1NlYXR9uGUxJzAlBgkqhkiG9w0BCQEWGGl0ZGVwYXJ0\nbWVudEBleGFtcGxlLmNvbTE/MD0GA1UdEQw2d3d3LmV4YW1wbGUubmV0LCBtYWls\nLmV4YW1wbGUuuMV0LCBzdXBwb3J0LmV4YW1wbGUubmV0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAt4yjDFvBt4XZzhlOPsw5JTITbWLFBu9YwfJJReWk\nlNQrcO5Ao8gIvp2T3XVNwOGsVEtAcKbw/YvftkqXLl81Jo1sMKyoRG8MTauUF3G9\n7EoyNAJ3ddyUlDYiA1VPz//PrCJ0PNwG7C+yL40OW2AM7zduHTyCXWUKxsGJ3QW8\nf4ePje89x7AtSsqHz486mZ6g6xxcj9j8FcFx9LdaElMfnQ0Mekp7nkdcPul9hR/s\ngKkAOg7sXXf88NDTYc69bR99NTFj9iyBz53M7Uied7KPJjFrpmxKh5KT2TCEqFrQ\nyk3Trc9NHLCpw9M5AyOqgwcZYcEtiZP9xQu3nMzxFdBnSwIDAQABoAAwDQYJKoZI\nhvcNAQELBQADggEBABDUzbxE6s+1dOvBTV1j1wJlY4GciGFsRUG2TT9LS8Oh8XDP\nx1DJlL8yjxdC/otPZiH1H7sLVofz0E9esn+SN2ys22WV9ujWD88Wq+M6UtsAvti0\nxh5p5pX//xbdqadl18OgmZbyO3FoKZInFRIovndYyBdSK/csXj0O7GL3cRfufXNU\n+8DDOUJJR41RM+7KfGn1G1nsCpOVDjBjuNq0AjDPCK7ASC0suA6pZlzfic2gAIvI\nqvrMxcbOAg9rJRtXqNrD5YlV6thCeHqme1TZNoUC5k6CWdOKeez8W2ovni5ZivNn\nGrSOKksZHTF1GM6KmPm0eGcNV1/3+DynNJ4wbPA=\n-----END CERTIFICATE REQUEST-----\n",
        "certificate_content": null
    }
}
KeyDescription
idDigital certificate ID
issuerStores the information on the CA that’ll issue the certificate
subject_nameArray that lists the records associated with the certificate and confirmed by the CA
validityExpiration date of the certificate
statusEnum that indicates the status of the certificate. Returns Pending when the certificate hasn’t yet been generated by the CA. Returns Active when the certificate has been registered with Azion
certificate_typeEnum that indicates the type of the certificate. CSR certificates are assigned the value edge_certificates
managedBoolean that flags whether the certificate is managed by Azion’s certificate tool. Not applicable to CSR certificates
azion_informationString that updates the status of certificates managed by Azion’s certificate tool. Not applicable to CSR certificates
csrString that holds the certificate signing request to be submitted to a CA for issuance. Includes the escape sequence \n that may require conversion to a line feed upon submission to a CA
certificate_contentKey that should be updated via PATCH with the certificate generated by the CA
  1. Copy and store the CSR value in the csr property.

Step 2. Submit the CSR to a Certificate Authority

Section titled Step 2. Submit the CSR to a Certificate Authority

Once you’ve generated your CSR with Azion, the next step is to submit it to a Certificate Authority (CA). This can usually be done online. You’ll need to begin by choosing a CA that suits the needs and standards of your organization. Some popular choices are:

Whichever CA you choose will validate the information in the CSR generated against an agreed standard. Once validated, the CA will issue a TLS certificate for your application, which can then be registered to Azion and associated with a domain.

Step 3. Register the issued certificate with Azion

Section titled Step 3. Register the issued certificate with Azion

Once you receive a certificate issued by your CA, you must associate it with the CSR entry you created. After your certificate is active with Azion, you may associate the certificate to a domain.

Via RTM

Section titled Via RTM
  1. Access Azion Console > Digital Certificates.
  2. Select the CSR you created.
  3. Paste the certificate code, including the begin and end tags, into the Certificate field.
  4. Click the Save button.

Via API

Section titled Via API
  1. Run the following PATCH request in your terminal, replacing [TOKEN VALUE] with your personal token, the <digital_certificate_id> with the ID you got in the previous response and the certificate in the certificate_content key:
Terminal window
curl --location 'https://api.azionapi.net/digital_certificates/<digital_certificate_id>' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token {{[TOKEN VALUE]}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "certificate_content": "-----BEGIN CERTIFICATE——\nADgPIWMQBAKIAMSACGAgI3fGBMTHXI0bDTCIGIVCGuMgNAEGABQsBApCBqMJUwSx\nA2RFjv0gdbMhM0MA0hzAbAIHE53WMwwBMHpjwNwj35MzgNtTbIiywTMOWdcMWcje\gaBkDAkjQcGi0bB9WI0A1IdRjDA3bQlBXkqwWFOD4B2wwh3I2hMMVtu9YuYbNkBT\AQEFAAOCAQ8AMIIBCgKCAQEAt25cziDBsHbZzZhy9BPLApPf9OmE67k9pr7VezsR\nkIw4trY2xtJXFB7itT1p7HxbLBoL5u8FGmMKssB+XTmztmgty43ogor1KSjUgfZg\nrpAqyXtrbSM5g+14c0VO9S0LkkePlHvul0UiblJj7K+gkvc6sZqXZY+TI1BPqeuO\ns9A4LLCUGziyNv0qJfIL5RZm07Yy35BEBTTxUWVL2msfaUH2uPM5XN5eFC7oKN0/\n3NuYIboRmyk+P7CDC99M8Mp/wOjiB+yVGZVTjeqGPI8nFWJl2waXkc54VvW84xQP\njwtid1v1KENK/ixMAAXi2cQ9gNRX+/USoneuWj5n4QUj6QIDAQABo1AwTjAdBgNV\nHQ4EFgQU2sDgtyYMDXvw79OhdvAFqcLmcwkwHwYDVR0jBBgwFoAU2sDgtyYMDXvw\n79OhdvAFqcLmcwkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAKzCM\niG67IPwJK6MIJ31N734AofnjLf+fffxNtfYmH0XGORHPYUxCxsLxXiSFgPvubWh+\Lahvmz0plDObtDb8DnqbDP8OnxKxBIsNT1WJdlS9dgB4+0YOhmpfQXM3nDuP06v7m+fnK8bF6lW0jwIA87/u5b/RVOz1htMNLoF8BvLi6\7ODLTv5oZ6Wwhf1tNADmSHz3l\n6ra9d8oa6jK1fe2/5A7LY41acjbbNrLbFDYP7hcx02TmCfSMut+ysaZ/blay4Sbb\nwNlt92KhJw07UEKgXXbgyXGoFQkU8V+r2AZcgt0XM9jvwTc01Sbq/gegd2GMAj3x\nrTwkn5UNzFs56FCgNg==\n-----END CERTIFICATE-----"
}'
  1. You should receive a response with the updated value and the Active status:
{
    "results": {
        "id": <digital_certificate_id>,
        "name": "New CSR",
        "issuer": null,
        "subject_name": [],
        "validity": null,
        "status": "Active",
        "certificate_type": "edge_certificate",
        "managed": false,
        "azion_information": "",
        "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDGTCCAgECAQAwgdMxEDAOBgNVBAoMB0V4YW1wbGUxCzAJBgNVBAsMAklUMRQw\nEgYDVQQDDAtleGFtcGxlOp5ldDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp\nbmd0b24xEDAOBgNVBAcMB1NlYXR9uGUxJzAlBgkqhkiG9w0BCQEWGGl0ZGVwYXJ0\nbWVudEBleGFtcGxlLmNvbTE/MD0GA1UdEQw2d3d3LmV4YW1wbGUubmV0LCBtYWls\nLmV4YW1wbGUuuMV0LCBzdXBwb3J0LmV4YW1wbGUubmV0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAt4yjDFvBt4XZzhlOPsw5JTITbWLFBu9YwfJJReWk\nlNQrcO5Ao8gIvp2T3XVNwOGsVEtAcKbw/YvftkqXLl81Jo1sMKyoRG8MTauUF3G9\n7EoyNAJ3ddyUlDYiA1VPz//PrCJ0PNwG7C+yL40OW2AM7zduHTyCXWUKxsGJ3QW8\nf4ePje89x7AtSsqHz486mZ6g6xxcj9j8FcFx9LdaElMfnQ0Mekp7nkdcPul9hR/s\ngKkAOg7sXXf88NDTYc69bR99NTFj9iyBz53M7Uied7KPJjFrpmxKh5KT2TCEqFrQ\nyk3Trc9NHLCpw9M5AyOqgwcZYcEtiZP9xQu3nMzxFdBnSwIDAQABoAAwDQYJKoZI\nhvcNAQELBQADggEBABDUzbxE6s+1dOvBTV1j1wJlY4GciGFsRUG2TT9LS8Oh8XDP\nx1DJlL8yjxdC/otPZiH1H7sLVofz0E9esn+SN2ys22WV9ujWD88Wq+M6UtsAvti0\nxh5p5pX//xbdqadl18OgmZbyO3FoKZInFRIovndYyBdSK/csXj0O7GL3cRfufXNU\n+8DDOUJJR41RM+7KfGn1G1nsCpOVDjBjuNq0AjDPCK7ASC0suA6pZlzfic2gAIvI\nqvrMxcbOAg9rJRtXqNrD5YlV6thCeHqme1TZNoUC5k6CWdOKeez8W2ovni5ZivNn\nGrSOKksZHTF1GM6KmPm0eGcNV1/3+DynNJ4wbPA=\n-----END CERTIFICATE REQUEST-----\n",
        "certificate_content": "-----BEGIN CERTIFICATE——\nADgPIWMQBAKIAMSACGAgI3fGBMTHXI0bDTCIGIVCGuMgNAEGABQsBApCBqMJUwSx\nA2RFjv0gdbMhM0MA0hzAbAIHE53WMwwBMHpjwNwj35MzgNtTbIiywTMOWdcMWcje\gaBkDAkjQcGi0bB9WI0A1IdRjDA3bQlBXkqwWFOD4B2wwh3I2hMMVtu9YuYbNkBT\AQEFAAOCAQ8AMIIBCgKCAQEAt25cziDBsHbZzZhy9BPLApPf9OmE67k9pr7VezsR\nkIw4trY2xtJXFB7itT1p7HxbLBoL5u8FGmMKssB+XTmztmgty43ogor1KSjUgfZg\nrpAqyXtrbSM5g+14c0VO9S0LkkePlHvul0UiblJj7K+gkvc6sZqXZY+TI1BPqeuO\ns9A4LLCUGziyNv0qJfIL5RZm07Yy35BEBTTxUWVL2msfaUH2uPM5XN5eFC7oKN0/\n3NuYIboRmyk+P7CDC99M8Mp/wOjiB+yVGZVTjeqGPI8nFWJl2waXkc54VvW84xQP\njwtid1v1KENK/ixMAAXi2cQ9gNRX+/USoneuWj5n4QUj6QIDAQABo1AwTjAdBgNV\nHQ4EFgQU2sDgtyYMDXvw79OhdvAFqcLmcwkwHwYDVR0jBBgwFoAU2sDgtyYMDXvw\n79OhdvAFqcLmcwkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAKzCM\niG67IPwJK6MIJ31N734AofnjLf+fffxNtfYmH0XGORHPYUxCxsLxXiSFgPvubWh+\Lahvmz0plDObtDb8DnqbDP8OnxKxBIsNT1WJdlS9dgB4+0YOhmpfQXM3nDuP06v7m+fnK8bF6lW0jwIA87/u5b/RVOz1htMNLoF8BvLi6\7ODLTv5oZ6Wwhf1tNADmSHz3l\n6ra9d8oa6jK1fe2/5A7LY41acjbbNrLbFDYP7hcx02TmCfSMut+ysaZ/blay4Sbb\nwNlt92KhJw07UEKgXXbgyXGoFQkU8V+r2AZcgt0XM9jvwTc01Sbq/gegd2GMAj3x\nrTwkn5UNzFs56FCgNg==\n-----END CERTIFICATE-----"
    }
}


Contributors