CSR Requirements

To obtain, reissue, or renew a TLS certificate, you must first generate a Certificate Signing Request The way information is returned from an API. In a request, the client provides a resource URL with the proper authorization to an API server. The API returns a response with the information requested. (CSR Certificate Signing Request is a block of encoded text given to a Certificate Authority when applying for an SSL Certificate. It also contains the Public Key to include in the certificate. Usually, a Private Key is created at the same time, making a Key Pair.) that identifies your server. You will need to know your Participant ID Registered participant identifier; A company can have more than one Participant ID. or the unique FQDN to identify the organisation to AEMO Australian Energy Market Operator.

Instructions for generating the CSR depends on your server and operating system.

Before you begin, ensure that you do not set the Challenge password. To create a new Certificate-Signing-Request (CSR), provide the following information:


Requirement

Details

CN (common name)

Preferred format

Using the Participant ID:

<ID>-<NonProd | Prod>

For example, NEMMCO-NonProd

 

If you have more than one Participant ID, you can use the same certificate for more than one ID or you can obtain a certificate per ID.​

 

Optional format

Any Fully Qualified Domain Name (FQDN) that uniquely identifies the intended environment (pre-production or production) and your organisation

For example, a1.nonprod-api.yourdomain.com.au

 

The length of the CN field is limited to 64 characters.

AEMO can only issue a certificate CN using:

  • Lowercase letters a–z
  • Uppercase letters A–Z
  • Digits 0–9
  • Special characters: period (.) and hyphen (-)

To use a FQDN in your certificate, submit an AEMO Request to Manage TLS Certificates. The Markets Portal application and API does not allow you to set a FQDN.

OU

AEMO overwrites the OU and remaining fields in the subject attribute.

Public key algorithm

2048 bits RSA

Signature algorithm

SHA-2

Example CSR file

The CSR file contains text that looks similar to the following example. The BEGIN and END lines must be present.

Copy
-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
-----END CERTIFICATE REQUEST-----

For more information on how to generate a CSR, refer to this DigiCert resource: https://www.digicert.com/csr-creation.htm