How to acquire and register a Digital Certificate with Azion

Digital Certificates are essential to provide your infrastructure with reliability and compliance with data protection regulations. At Azion, you have several options to secure your domains with TLS certificates. Aside from registering a certificate and private key that you already own, you can also request a Let’s Encrypt certificate for your domain.

If you don’t own a certificate, you can issue a request through Azion and submit it to a certificate authority. This guide will describe how you can generate a Certificate Singing Request (CSR) through Azion.

A CSR is an encrypted request to a Certificate Authority (CA) for issuance of a digital certificate. You can provide Azion with your business details to automatically generate the CSR for you. After it’s created, you can submit it to any CA of your choosing. They’ll review your request and, if approved, issue an authenticated certificate. You then use the certificate provided by the CA to register it with Azion and associate it with a domain.


Step 1. Create a Certificate Singing Request (CSR)

  1. Run the following POST request in your terminal, replacing [TOKEN VALUE] with your personal token and the placeholders in the body with the desired values:
curl --location 'https://api.azionapi.net/digital_certificates/csr' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token {{[TOKEN VALUE]}}' \
--header 'Content-Type: application/json' \
--data-raw '{ "name": "New CSR", "common_name": "domain.net", "country": "US", "state": "Washington", "locality": "Seattle", "organization": "Example", "organization_unity": "IT", "email": "itdepartment@example.com", "private_key_type": "rsa_2048", "sans": [ "www.domain.net", "mail.domain.net", "support.domain.net" ]
}'
KeyDescription
nameName of the CSR
common_nameAccepts a string that should contain the apex domain address that’ll be bound to the certificate
countryAccepts a two-character string that should contain the country code of where your organization is based
stateAccepts a string that should contain the state or province where your organization is based
localityAccepts a string that should contain the city or county where your organization is based
organizationAccepts a string that should contain your organization’s name
organization unitAccepts a string that should contain the department or body responsible for managing the certificate
emailAccepts a string that should contain the email of the body responsible for managing the certificate
private_key_typeEnum that should contain the type of private key generated. Accepts only the value rsa_2048
sansAccepts an array. List of other names or records to be associated with the certificate as SANs. Optional
  1. You’ll receive a response similar to this:
{ "results": { "id": <digital_certificate_id>, "name": "New CSR", "issuer": null, "subject_name": [], "validity": null, "status": "Pending", "certificate_type": "edge_certificate", "managed": false, "azion_information": "", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDGTCCAgECAQAwgdMxEDAOBgNVBAoMB0V4YW1wbGUxCzAJBgNVBAsMAklUMRQw\nEgYDVQQDDAtleGFtcGxlOp5ldDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp\nbmd0b24xEDAOBgNVBAcMB1NlYXR9uGUxJzAlBgkqhkiG9w0BCQEWGGl0ZGVwYXJ0\nbWVudEBleGFtcGxlLmNvbTE/MD0GA1UdEQw2d3d3LmV4YW1wbGUubmV0LCBtYWls\nLmV4YW1wbGUuuMV0LCBzdXBwb3J0LmV4YW1wbGUubmV0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAt4yjDFvBt4XZzhlOPsw5JTITbWLFBu9YwfJJReWk\nlNQrcO5Ao8gIvp2T3XVNwOGsVEtAcKbw/YvftkqXLl81Jo1sMKyoRG8MTauUF3G9\n7EoyNAJ3ddyUlDYiA1VPz//PrCJ0PNwG7C+yL40OW2AM7zduHTyCXWUKxsGJ3QW8\nf4ePje89x7AtSsqHz486mZ6g6xxcj9j8FcFx9LdaElMfnQ0Mekp7nkdcPul9hR/s\ngKkAOg7sXXf88NDTYc69bR99NTFj9iyBz53M7Uied7KPJjFrpmxKh5KT2TCEqFrQ\nyk3Trc9NHLCpw9M5AyOqgwcZYcEtiZP9xQu3nMzxFdBnSwIDAQABoAAwDQYJKoZI\nhvcNAQELBQADggEBABDUzbxE6s+1dOvBTV1j1wJlY4GciGFsRUG2TT9LS8Oh8XDP\nx1DJlL8yjxdC/otPZiH1H7sLVofz0E9esn+SN2ys22WV9ujWD88Wq+M6UtsAvti0\nxh5p5pX//xbdqadl18OgmZbyO3FoKZInFRIovndYyBdSK/csXj0O7GL3cRfufXNU\n+8DDOUJJR41RM+7KfGn1G1nsCpOVDjBjuNq0AjDPCK7ASC0suA6pZlzfic2gAIvI\nqvrMxcbOAg9rJRtXqNrD5YlV6thCeHqme1TZNoUC5k6CWdOKeez8W2ovni5ZivNn\nGrSOKksZHTF1GM6KmPm0eGcNV1/3+DynNJ4wbPA=\n-----END CERTIFICATE REQUEST-----\n", "certificate_content": null }
}
KeyDescription
idDigital certificate ID
issuerStores the information on the CA that’ll issue the certificate
subject_nameArray that lists the records associated with the certificate and confirmed by the CA
validityExpiration date of the certificate
statusEnum that indicates the status of the certificate. Returns Pending when the certificate hasn’t yet been generated by the CA. Returns Active when the certificate has been registered with Azion
certificate_typeEnum that indicates the type of the certificate. CSR certificates are assigned the value edge_certificates
managedBoolean that flags whether the certificate is managed by Azion’s certificate tool. Not applicable to CSR certificates
azion_informationString that updates the status of certificates managed by Azion’s certificate tool. Not applicable to CSR certificates
csrString that holds the certificate signing request to be submitted to a CA for issuance. Includes the escape sequence \n that may require conversion to a line feed upon submission to a CA
certificate_contentKey that should be updated via PATCH with the certificate generated by the CA
  1. Copy and store the CSR value in the csr property.

Step 2. Submit the CSR to a Certificate Authority

Once you’ve generated your CSR with Azion, the next step is to submit it to a Certificate Authority (CA). This can usually be done online. You’ll need to begin by choosing a CA that suits the needs and standards of your organization. Some popular choices are:

Whichever CA you choose will validate the information in the CSR generated against an agreed standard. Once validated, the CA will issue a TLS certificate for your application, which can then be registered to Azion and associated with a domain.


Step 3. Register the issued certificate with Azion

Once you receive a certificate issued by your CA, you must associate it with the CSR entry you created. After your certificate is active with Azion, you may associate the certificate to a domain.

  1. Access Azion Console > Digital Certificates.
  2. Select the CSR you created.
  3. Paste the certificate code, including the begin and end tags, into the Certificate field.
  4. Click the Save button.


Contributors