How to acquire and register a Digital Certificate with Azion

Digital Certificates are essential to provide your infrastructure with reliability and compliance with data protection regulations. At Azion, you have several options to secure your domains with TLS certificates. Aside from registering a certificate and private key that you already own, you can also request a Let’s Encrypt certificate for your domain.

If you don’t own a certificate, you can issue a request through Azion and submit it to a certificate authority. This guide will describe how you can generate a Certificate Singing Request (CSR) through Azion.

A CSR is an encrypted request to a Certificate Authority (CA) for issuance of a digital certificate. You can provide Azion with your business details to automatically generate the CSR for you. After it’s created, you can submit it to any CA of your choosing. They’ll review your request and, if approved, issue an authenticated certificate. You then use the certificate provided by the CA to register it with Azion and associate it with a domain.

Step 1. Create a Certificate Singing Request (CSR)

Run the following POST request in your terminal, replacing [TOKEN VALUE] with your personal token and the placeholders in the body with the desired values:

curl --location 'https://api.azionapi.net/digital_certificates/csr' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token {{[TOKEN VALUE]}}' \
--header 'Content-Type: application/json' \
--data-raw '{ "name": "New CSR", "common_name": "domain.net", "country": "US", "state": "Washington", "locality": "Seattle", "organization": "Example", "organization_unity": "IT", "email": "itdepartment@example.com", "private_key_type": "rsa_2048", "sans": [ "www.domain.net", "mail.domain.net", "support.domain.net" ]
}'

Key	Description
`name`	Name of the CSR
`common_name`	Accepts a string that should contain the apex domain address that’ll be bound to the certificate
`country`	Accepts a two-character string that should contain the country code of where your organization is based
`state`	Accepts a string that should contain the state or province where your organization is based
`locality`	Accepts a string that should contain the city or county where your organization is based
`organization`	Accepts a string that should contain your organization’s name
`organization unit`	Accepts a string that should contain the department or body responsible for managing the certificate
`email`	Accepts a string that should contain the email of the body responsible for managing the certificate
`private_key_type`	Enum that should contain the type of private key generated. Accepts only the value `rsa_2048`
`sans`	Accepts an array. List of other names or records to be associated with the certificate as SANs. Optional

You’ll receive a response similar to this:

{ "results": { "id": <digital_certificate_id>, "name": "New CSR", "issuer": null, "subject_name": [], "validity": null, "status": "Pending", "certificate_type": "edge_certificate", "managed": false, "azion_information": "", "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDGTCCAgECAQAwgdMxEDAOBgNVBAoMB0V4YW1wbGUxCzAJBgNVBAsMAklUMRQw\nEgYDVQQDDAtleGFtcGxlOp5ldDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp\nbmd0b24xEDAOBgNVBAcMB1NlYXR9uGUxJzAlBgkqhkiG9w0BCQEWGGl0ZGVwYXJ0\nbWVudEBleGFtcGxlLmNvbTE/MD0GA1UdEQw2d3d3LmV4YW1wbGUubmV0LCBtYWls\nLmV4YW1wbGUuuMV0LCBzdXBwb3J0LmV4YW1wbGUubmV0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAt4yjDFvBt4XZzhlOPsw5JTITbWLFBu9YwfJJReWk\nlNQrcO5Ao8gIvp2T3XVNwOGsVEtAcKbw/YvftkqXLl81Jo1sMKyoRG8MTauUF3G9\n7EoyNAJ3ddyUlDYiA1VPz//PrCJ0PNwG7C+yL40OW2AM7zduHTyCXWUKxsGJ3QW8\nf4ePje89x7AtSsqHz486mZ6g6xxcj9j8FcFx9LdaElMfnQ0Mekp7nkdcPul9hR/s\ngKkAOg7sXXf88NDTYc69bR99NTFj9iyBz53M7Uied7KPJjFrpmxKh5KT2TCEqFrQ\nyk3Trc9NHLCpw9M5AyOqgwcZYcEtiZP9xQu3nMzxFdBnSwIDAQABoAAwDQYJKoZI\nhvcNAQELBQADggEBABDUzbxE6s+1dOvBTV1j1wJlY4GciGFsRUG2TT9LS8Oh8XDP\nx1DJlL8yjxdC/otPZiH1H7sLVofz0E9esn+SN2ys22WV9ujWD88Wq+M6UtsAvti0\nxh5p5pX//xbdqadl18OgmZbyO3FoKZInFRIovndYyBdSK/csXj0O7GL3cRfufXNU\n+8DDOUJJR41RM+7KfGn1G1nsCpOVDjBjuNq0AjDPCK7ASC0suA6pZlzfic2gAIvI\nqvrMxcbOAg9rJRtXqNrD5YlV6thCeHqme1TZNoUC5k6CWdOKeez8W2ovni5ZivNn\nGrSOKksZHTF1GM6KmPm0eGcNV1/3+DynNJ4wbPA=\n-----END CERTIFICATE REQUEST-----\n", "certificate_content": null }
}

Key	Description
`id`	Digital certificate ID
`issuer`	Stores the information on the CA that’ll issue the certificate
`subject_name`	Array that lists the records associated with the certificate and confirmed by the CA
`validity`	Expiration date of the certificate
`status`	Enum that indicates the status of the certificate. Returns `Pending` when the certificate hasn’t yet been generated by the CA. Returns `Active` when the certificate has been registered with Azion
`certificate_type`	Enum that indicates the type of the certificate. CSR certificates are assigned the value `edge_certificates`
`managed`	Boolean that flags whether the certificate is managed by Azion’s certificate tool. Not applicable to CSR certificates
`azion_information`	String that updates the status of certificates managed by Azion’s certificate tool. Not applicable to CSR certificates
`csr`	String that holds the certificate signing request to be submitted to a CA for issuance. Includes the escape sequence `\n` that may require conversion to a line feed upon submission to a CA
`certificate_content`	Key that should be updated via `PATCH` with the certificate generated by the CA

Copy and store the CSR value in the csr property.

Access Azion Console > Digital Certificates.
Click the + Digital Certificate button.
Give your CSR an easy-to-remember name.
Select the option Request a certificate.
Fill in the requested information.

Subject Name: the apex domain address that will be bound to the certificate. Example: domain.org.
Country/Region: the two-letter country code of where your organization is based. Example: BR for Brazil.
State/Province: the state or province where your organization is based. Example: Distrito Federal.
City/Locality: the city or county where your organization is based. Example: Brasília.
Organization: your organization’s name. Example: Company Name Inc.
Organization Unit: the department or body responsible for managing the certificate. Example: IT Department.
Email: the email of the body responsible for managing the certificate. Example: it@companyinc.org.
Private Key Type: the type of private key generated. Azion currently only works with RSA 2048 encryption.
Subject Alternative Names (SAN): list of other names or records to be associated with the certificate as SANs. Separate each SAN by a new line. Example: domain.net.

Click the Save button.
Copy the value in the Certificate Singing Request (CSR) field.

Access Real-Time Manager (RTM) > Digital Certificates.
Click the Add certificate button.
In the dropdown, select Edge Certificate.
Give your CSR an easy-to-remember name.
Select the option Generate CSR and private key with Azion.
Fill in the requested information.

Common Name: the apex domain address that will be bound to the certificate. Example: domain.org.
Country/Region: the two-letter country code of where your organization is based. Example: BR for Brazil.
State/Province: the state or province where your organization is based. Example: Distrito Federal.
City/Locality: the city or county where your organization is based. Example: Brasília.
Organization: your organization’s name. Example: Company Name Inc.
Organization Unit: the department or body responsible for managing the certificate. Example: IT Department.
Email: the email of the body responsible for managing the certificate. Example: it@companyinc.org.
Private Key Type: the type of private key generated. Azion currently only works with RSA 2048 encryption.
Subject Alternative Names (SAN): list of other names or records to be associated with the certificate as SANs. Separate each SAN by a new line. Example: domain.net.

Click the Save button.
Copy the value in the Certificate Singing Request (CSR) field.

Step 2. Submit the CSR to a Certificate Authority

Once you’ve generated your CSR with Azion, the next step is to submit it to a Certificate Authority (CA). This can usually be done online. You’ll need to begin by choosing a CA that suits the needs and standards of your organization. Some popular choices are:

Whichever CA you choose will validate the information in the CSR generated against an agreed standard. Once validated, the CA will issue a TLS certificate for your application, which can then be registered to Azion and associated with a domain.

Step 3. Register the issued certificate with Azion

Once you receive a certificate issued by your CA, you must associate it with the CSR entry you created. After your certificate is active with Azion, you may associate the certificate to a domain.

Access Azion Console > Digital Certificates.
Select the CSR you created.
Paste the certificate code, including the begin and end tags, into the Certificate field.
Click the Save button.

Run the following PATCH request in your terminal, replacing [TOKEN VALUE] with your personal token, the <digital_certificate_id> with the ID you got in the previous response and the certificate in the certificate_content key:

curl --location 'https://api.azionapi.net/digital_certificates/<digital_certificate_id>' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token {{[TOKEN VALUE]}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "certificate_content": "-----BEGIN CERTIFICATE——\nADgPIWMQBAKIAMSACGAgI3fGBMTHXI0bDTCIGIVCGuMgNAEGABQsBApCBqMJUwSx\nA2RFjv0gdbMhM0MA0hzAbAIHE53WMwwBMHpjwNwj35MzgNtTbIiywTMOWdcMWcje\gaBkDAkjQcGi0bB9WI0A1IdRjDA3bQlBXkqwWFOD4B2wwh3I2hMMVtu9YuYbNkBT\AQEFAAOCAQ8AMIIBCgKCAQEAt25cziDBsHbZzZhy9BPLApPf9OmE67k9pr7VezsR\nkIw4trY2xtJXFB7itT1p7HxbLBoL5u8FGmMKssB+XTmztmgty43ogor1KSjUgfZg\nrpAqyXtrbSM5g+14c0VO9S0LkkePlHvul0UiblJj7K+gkvc6sZqXZY+TI1BPqeuO\ns9A4LLCUGziyNv0qJfIL5RZm07Yy35BEBTTxUWVL2msfaUH2uPM5XN5eFC7oKN0/\n3NuYIboRmyk+P7CDC99M8Mp/wOjiB+yVGZVTjeqGPI8nFWJl2waXkc54VvW84xQP\njwtid1v1KENK/ixMAAXi2cQ9gNRX+/USoneuWj5n4QUj6QIDAQABo1AwTjAdBgNV\nHQ4EFgQU2sDgtyYMDXvw79OhdvAFqcLmcwkwHwYDVR0jBBgwFoAU2sDgtyYMDXvw\n79OhdvAFqcLmcwkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAKzCM\niG67IPwJK6MIJ31N734AofnjLf+fffxNtfYmH0XGORHPYUxCxsLxXiSFgPvubWh+\Lahvmz0plDObtDb8DnqbDP8OnxKxBIsNT1WJdlS9dgB4+0YOhmpfQXM3nDuP06v7m+fnK8bF6lW0jwIA87/u5b/RVOz1htMNLoF8BvLi6\7ODLTv5oZ6Wwhf1tNADmSHz3l\n6ra9d8oa6jK1fe2/5A7LY41acjbbNrLbFDYP7hcx02TmCfSMut+ysaZ/blay4Sbb\nwNlt92KhJw07UEKgXXbgyXGoFQkU8V+r2AZcgt0XM9jvwTc01Sbq/gegd2GMAj3x\nrTwkn5UNzFs56FCgNg==\n-----END CERTIFICATE-----"
}'

You should receive a response with the updated value and the Active status:

{
    "results": {
        "id": <digital_certificate_id>,
        "name": "New CSR",
        "issuer": null,
        "subject_name": [],
        "validity": null,
        "status": "Active",
        "certificate_type": "edge_certificate",
        "managed": false,
        "azion_information": "",
        "csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIDGTCCAgECAQAwgdMxEDAOBgNVBAoMB0V4YW1wbGUxCzAJBgNVBAsMAklUMRQw\nEgYDVQQDDAtleGFtcGxlOp5ldDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp\nbmd0b24xEDAOBgNVBAcMB1NlYXR9uGUxJzAlBgkqhkiG9w0BCQEWGGl0ZGVwYXJ0\nbWVudEBleGFtcGxlLmNvbTE/MD0GA1UdEQw2d3d3LmV4YW1wbGUubmV0LCBtYWls\nLmV4YW1wbGUuuMV0LCBzdXBwb3J0LmV4YW1wbGUubmV0MIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAt4yjDFvBt4XZzhlOPsw5JTITbWLFBu9YwfJJReWk\nlNQrcO5Ao8gIvp2T3XVNwOGsVEtAcKbw/YvftkqXLl81Jo1sMKyoRG8MTauUF3G9\n7EoyNAJ3ddyUlDYiA1VPz//PrCJ0PNwG7C+yL40OW2AM7zduHTyCXWUKxsGJ3QW8\nf4ePje89x7AtSsqHz486mZ6g6xxcj9j8FcFx9LdaElMfnQ0Mekp7nkdcPul9hR/s\ngKkAOg7sXXf88NDTYc69bR99NTFj9iyBz53M7Uied7KPJjFrpmxKh5KT2TCEqFrQ\nyk3Trc9NHLCpw9M5AyOqgwcZYcEtiZP9xQu3nMzxFdBnSwIDAQABoAAwDQYJKoZI\nhvcNAQELBQADggEBABDUzbxE6s+1dOvBTV1j1wJlY4GciGFsRUG2TT9LS8Oh8XDP\nx1DJlL8yjxdC/otPZiH1H7sLVofz0E9esn+SN2ys22WV9ujWD88Wq+M6UtsAvti0\nxh5p5pX//xbdqadl18OgmZbyO3FoKZInFRIovndYyBdSK/csXj0O7GL3cRfufXNU\n+8DDOUJJR41RM+7KfGn1G1nsCpOVDjBjuNq0AjDPCK7ASC0suA6pZlzfic2gAIvI\nqvrMxcbOAg9rJRtXqNrD5YlV6thCeHqme1TZNoUC5k6CWdOKeez8W2ovni5ZivNn\nGrSOKksZHTF1GM6KmPm0eGcNV1/3+DynNJ4wbPA=\n-----END CERTIFICATE REQUEST-----\n",
        "certificate_content": "-----BEGIN CERTIFICATE——\nADgPIWMQBAKIAMSACGAgI3fGBMTHXI0bDTCIGIVCGuMgNAEGABQsBApCBqMJUwSx\nA2RFjv0gdbMhM0MA0hzAbAIHE53WMwwBMHpjwNwj35MzgNtTbIiywTMOWdcMWcje\gaBkDAkjQcGi0bB9WI0A1IdRjDA3bQlBXkqwWFOD4B2wwh3I2hMMVtu9YuYbNkBT\AQEFAAOCAQ8AMIIBCgKCAQEAt25cziDBsHbZzZhy9BPLApPf9OmE67k9pr7VezsR\nkIw4trY2xtJXFB7itT1p7HxbLBoL5u8FGmMKssB+XTmztmgty43ogor1KSjUgfZg\nrpAqyXtrbSM5g+14c0VO9S0LkkePlHvul0UiblJj7K+gkvc6sZqXZY+TI1BPqeuO\ns9A4LLCUGziyNv0qJfIL5RZm07Yy35BEBTTxUWVL2msfaUH2uPM5XN5eFC7oKN0/\n3NuYIboRmyk+P7CDC99M8Mp/wOjiB+yVGZVTjeqGPI8nFWJl2waXkc54VvW84xQP\njwtid1v1KENK/ixMAAXi2cQ9gNRX+/USoneuWj5n4QUj6QIDAQABo1AwTjAdBgNV\nHQ4EFgQU2sDgtyYMDXvw79OhdvAFqcLmcwkwHwYDVR0jBBgwFoAU2sDgtyYMDXvw\n79OhdvAFqcLmcwkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAKzCM\niG67IPwJK6MIJ31N734AofnjLf+fffxNtfYmH0XGORHPYUxCxsLxXiSFgPvubWh+\Lahvmz0plDObtDb8DnqbDP8OnxKxBIsNT1WJdlS9dgB4+0YOhmpfQXM3nDuP06v7m+fnK8bF6lW0jwIA87/u5b/RVOz1htMNLoF8BvLi6\7ODLTv5oZ6Wwhf1tNADmSHz3l\n6ra9d8oa6jK1fe2/5A7LY41acjbbNrLbFDYP7hcx02TmCfSMut+ysaZ/blay4Sbb\nwNlt92KhJw07UEKgXXbgyXGoFQkU8V+r2AZcgt0XM9jvwTc01Sbq/gegd2GMAj3x\nrTwkn5UNzFs56FCgNg==\n-----END CERTIFICATE-----"
    }
}