---
title: Managing certificate signing requests
description: Generate a certificate signing request (CSR) or import a CSR response.
component: pingaccess
version: 9.0
page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_managing_csrs
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_managing_csrs.html
revdate: September 19, 2023
section_ids:
  about-this-task: About this task
  generating-certificate-signing-requests: Generating certificate signing requests
  about-this-task-2: About this task
  steps: Steps
  result: Result:
  next-steps: Next steps
  importing-certificate-signing-request-responses: Importing certificate signing request responses
  before-you-begin: Before you begin
  about-this-task-3: About this task
  steps-2: Steps
---

# Managing certificate signing requests

Generate a certificate signing request (CSR) *(tooltip: \<div class="paragraph">
\<p>A message sent to a certificate authority in order to apply for a digital identity certificate.\</p>
\</div>)* or import a CSR response.

## About this task

* [Generate a CSR](pa_generating_certificate_signing_requests.html) to establish more security and trust than using a self-signed certificate.

* [Import a CSR response](pa_importing_certificate_signing_request_responses.html) to replace the self-signed certificate in a key pair *(tooltip: \<div class="paragraph">
  \<p>The private key and public key represented by a certificate.\</p>
  \</div>)*.

## Generating certificate signing requests

### About this task

To generate a CSR:

### Steps

1. Click **Security**, then go to **Key Pairs > Key Pairs**.

2. Click the **Pencil** icon, then click **Generate CSR** for the certificate that you want to generate a CSR for.

   #### Result:

   PingAccess generates a CSR file, and your browser downloads it.

3. Provide this file to a certificate authority (CA) *(tooltip: \<div class="paragraph">
   \<p>An entity that issues digital certificates.\</p>
   \</div>)*.

   The CA signs the file and provides a CSR response that you can upload and use to replace the self-signed certificate. If the CA is well known, its certificates are installed by default in most browsers and the user is not prompted to trust an unknown certificate.

### Next steps

When you receive the CSR response, follow the instructions in [Importing certificate signing request responses](pa_importing_certificate_signing_request_responses.html).

## Importing certificate signing request responses

### Before you begin

Before you import the CSR response, import the signing CA certificate into PingAccess and add it to a [Trusted Certificate Group](pa_adding_certificates_to_trusted_certificate_groups.html).

### About this task

To import a CSR response:

### Steps

1. Click **Security**, then go to **Key Pairs > Key Pairs**.

2. Click the **Pencil** icon, and then click **CSR Response** for the key pair that the CSR applies to.

3. To select the CSR response file, in the **CSR Response File** section, click **Choose File**.

4. **Optional:** To choose one or more chain certificate files associated with this key pair, in the **Chain Certificates** section, click **Choose Files**.

5. Click **Save**.