The CSR is the 1st starting point.
From my pass experiences you want to use no "abbr" states names.
System > certificate
Next you will submit the CSR to CA in this we are using comdo for the signing . They will sign the CSR and issue the certificate. Your private-key at this point is private and not submitted with the CSR.
The will issue the certificate and intermediate certificate back to you in a zip file.
The certificate process will need to validate you during the process for a DV certificate. So a domain will require a email and it's best to use the email address attach as the admin/technical contact from the whois.
Finally we can upload the certificate once it's been signed.
Make sure you install any CA intermediate in the appliance also.
Finally having a certificate install is part A of the step, you need to make the appliance aware and use the certificate. The easiest way is to use the cli command
"set default-certificate < the named certificate>"
IMHO it's best to restart the https daemon or reboot the appliance
Finally, running a CA chain check will show a validate certificate that's trusted & it won't hurt to complete a a free SSL score check.
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=