Create Certificate Request Job
A certificate request job is the process of generating and submitting a Certificate Signing Request (CSR) to a Certificate Authority (CA) in order to obtain an SSL/TLS certificate. The certificate secures communication on sites and is deployed on the machine or server.
Follow these steps to create a certificate request job:
- Navigate to Jobs > Certificate Requests > Jobs > Create Job.
Create New: Certificate Request Job page is displayed.
- On Basic Information tab, enter the Name and Description of the job and click Next.
- On CSR Creation tab, select Certificate Authority and Issuing Template from drop-down menu.
You need to select CSR Generation Method.
You can refer to right pane for information allowed in issuing template.
- Select Qualys Automated Certificate Request as CSR Generation Method.
- Provide the Common Name and Subject Alternative Names.
- Provide CSR Parameters such as Organization (O), Organization Unit (OU), Locality (L), State (ST), and Country (C).
- From the drop-down, select Key Algorithm.
- Or alternatively, you can select Generate CSR and Private Key Myself.
You can either drag and drop your private key or browse your machine to find it and upload it.
- To add assets, click Next.
- On Select Asset tab, click to select assets from the Include Assets section.
You can Include hosts for the tags using the icon.
- Once you add the required assets, click Next to select Pre-actions.
This is an optional step, which you can use if you need to perform some actions before the deployment starts. For example, this Bash script performs a pre-deployment check on an SSL certificate to ensure its availability and validity before proceeding with deployment.
Sample of Pre-action
This Bash script checks whether the SSL certificate (/etc/pki/nginx/cert/server.crt) is present before deployment and, if it is, displays important certificate details such as validity period, issuer, subject, serial number, and SHA-256 fingerprint using OpenSSL. The script exits with an error if the certificate is not found.
```bash
#!/bin/bash
# -------------------------------
# Pre-Deployment SSL Certificate Check
# -------------------------------

# Define the path to the SSL certificate you want to check.
CERT_PATH="/etc/pki/nginx/cert/server.crt"

echo "==========================================="
echo "SSL Certificate Pre-Deployment Checker"
echo "==========================================="

# Inform user about the certificate path being checked
echo "Checking for certificate at: $CERT_PATH"
echo ""

# Check if the certificate file exists
if [ -f "$CERT_PATH" ]; then
    echo "Certificate FOUND at $CERT_PATH"
    echo ""
    echo "Retrieving Certificate Information:"
    echo "-------------------------------------------"
    echo "Validity Period:"
    openssl x509 -in "$CERT_PATH" -noout -dates
    echo ""
    echo "Issuer Information:"
    openssl x509 -in "$CERT_PATH" -noout -issuer
    echo ""
    echo "Subject Information:"
    openssl x509 -in "$CERT_PATH" -noout -subject
    echo ""
    echo "Serial Number:"
    openssl x509 -in "$CERT_PATH" -noout -serial
    echo ""
    echo "SHA-256 Fingerprint:"
    openssl x509 -in "$CERT_PATH" -noout -fingerprint -sha256
    echo ""
    echo "==========================================="
    echo "Certificate check completed successfully"
    echo "==========================================="
else
    echo "ERROR: Certificate does NOT exist at $CERT_PATH"
    echo "Please verify the path or generate a new certificate."
    echo "==========================================="
    exit 1
fi
```
- On Select Pre-action tab, click to add Pre-Action.
- Provide Action Name.
- Enter Custom Shell Script.
- Click Add.
Your Pre-Action gets added.
- To view the Deploy Options, click Next.
- On Deploy Options tab, provide Absolute Private Key Path, Absolute Certificate Path, and Absolute Certificate Chain Path and click Next.
These paths are needed to save the generated private key, certificate, and certificate chain.
The Certificate View feature automatically creates a backup directory named qualys_certview at the location you provide. This directory saves your private key, certificate path, and certificate chain path in a backup file. The newly generated keys will serve as your local keys. In the event of any issues in the future, you can use these backup files to restore your certificates.
- On Select Post-action tab, click to add Post-Action.
- Provide Action Name.
- Enter Custom Shell Script.
- Click Add.
Sample of Post Action
This Bash script verifies the SSL certificate deployment process. It restarts the Nginx service to simulate deployment, checks if the SSL certificate (/etc/pki/nginx/cert/server.crt) is present post-deployment, and then displays important certificate details such as validity period, issuer, subject, serial number, and SHA-256 fingerprint using OpenSSL. The script exits with an error if Nginx fails to restart or if the certificate file is missing after deployment.
PostActionScript 1.txt
```bash
#!/bin/bash
# -------------------------------
# Verify SSL Deployment Action
# -------------------------------
CERT_PATH="/etc/pki/nginx/cert/server.crt"

# Step 1: Start/Restart Nginx (simulate deployment)
echo "Restarting Nginx service..."
if ! systemctl restart nginx; then
    echo "ERROR: Failed to restart Nginx. Please check the Nginx configuration or logs."
    exit 1
fi

# Optional: Small delay to ensure Nginx reloads
sleep 2

# Step 2: Check cert info again after "deployment"
if [ ! -f "$CERT_PATH" ]; then
    echo "ERROR: Certificate missing after deployment"
    exit 1
fi

echo "==========================================="
echo "Checking deployed certificate info..."
echo "==========================================="
echo "Validity Period:"
openssl x509 -in "$CERT_PATH" -noout -dates
echo ""
echo "Issuer Information:"
openssl x509 -in "$CERT_PATH" -noout -issuer
echo ""
echo "Subject Information:"
openssl x509 -in "$CERT_PATH" -noout -subject
echo ""
NEW_SERIAL=$(openssl x509 -in "$CERT_PATH" -noout -serial | awk -F= '{print $2}')
echo "Serial Number: $NEW_SERIAL"
echo ""
NEW_FINGERPRINT=$(openssl x509 -in "$CERT_PATH" -noout -fingerprint -sha256 | awk -F= '{print $2}')
echo "SHA-256 Fingerprint: $NEW_FINGERPRINT"
echo "-------------------------------------------"
echo "==========================================="
echo "SSL Deployment Verification Completed"
echo "==========================================="
```
Your Post-Action gets added.
- To view the Schedule tab, click Next.
- Schedule the Deployment as per your requirements.
- On Demand: You can schedule the job deployment immediately.
- Schedule: You can add Schedule to job deployment by providing Start Date and Start Time.
- Select the Recurring Job checkbox to make it recurring.
- You can Repeat the job by selecting required number of days.
- Select Timezone checkbox.
- To go to Notifications tab, click Next.
- On Notification tab, provide the email addresses separated by commas.
- Select the option for when to notify the recipients:
Options include: Deployment is complete, Certificate is issued, and scheduling will be triggered <n> days.
- To go to Review and Confirm tab, click Next.
- Review and confirm your selections. If required, you can also edit Basic Information, CSR Creation from this step. Click Create.
Once the job is created, it is listed based on your selected option: on-demand jobs are listed under the Jobs tab, while scheduled jobs appear in the Schedules tab.
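The sample pre-action and post-action scripts above confirm that the certificate file exists and print its fields. As an added example (not one of the Qualys samples), the following post-action also fails the job when the certificate is close to expiry, does not match the deployed private key, or does not verify against the deployed chain. The function name, the 30-day threshold, the key-permission rule, and the use of `nginx -t` with a reload instead of the restart shown in the sample are assumptions.

```bash
#!/bin/bash
# Added example, not the vendor's script: a post-action that fails the job when
# the deployed files are unusable. The 30-day default and the rule that the key
# is private to its owner are assumed policy values.

verify_deployment() {   # args: cert key [chain] [min_days]
    local cert="$1" key="$2" chain="${3:-}" min_days="${4:-30}" cert_pub key_pub
    [ -r "$cert" ] || { echo "ERROR: certificate missing: $cert" >&2; return 1; }
    [ -r "$key" ]  || { echo "ERROR: private key missing: $key" >&2; return 1; }

    # 1. Certificate must parse and remain valid for at least min_days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "ERROR: certificate unreadable or expiring within $min_days days" >&2
        return 2
    fi

    # 2. Certificate and private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "ERROR: private key does not match certificate" >&2
        return 3
    fi

    # 3. Private key must not be accessible to group or others.
    if [ "$(ls -lnL "$key" | cut -c5-10)" != "------" ]; then
        echo "ERROR: private key permissions are too open: $key" >&2
        return 4
    fi

    # 4. If a chain file was deployed, the certificate must verify against it.
    if [ -n "$chain" ] && ! openssl verify -partial_chain -CAfile "$chain" "$cert" >/dev/null 2>&1; then
        echo "ERROR: certificate does not chain to $chain" >&2
        return 5
    fi
    echo "OK: certificate, key and chain are consistent"
}

# Run only when called with the paths from the Deploy Options tab, e.g.
#   script.sh /path/server.crt /path/server.key /path/chain.crt
if [ "$#" -ge 2 ]; then
    verify_deployment "$@" || exit 1
    # Test the configuration first so a bad file cannot stop a running Nginx.
    nginx -t && systemctl reload nginx || exit 1
fi
```

Each failure has its own return code, so the job log shows which check stopped the deployment.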
Manage Certificate Request Job
You can manage Certificate Request Job by using the Quick Actions menu to View Details, Clone, Retry, Edit and retry, and Delete.
View Details: You can view details of the job.
Clone: You can use this action to clone the configuration and customize it for other uses.
Retry: Deployment will be retried.
Edit and retry: You can edit the job and retry the deployment.
Delete: Delete the job.
Manage Schedule Certificate Request Job
You can manage Schedule Certificate Request Job by using the Quick Actions menu to View Details, Edit, Pause and Delete.
View Details: You can view details of the job.
Edit: You can edit the job.
Pause: You can pause the schedule.
Delete: Delete the job.