A Certificate Signing Request (CSR) is an encrypted message that acts as your application for the SSL Certificate from the Certificate Authority.
The overall process for getting an SSL Certificate goes something like this:
- Step 1: Create your keys
- Step 2: Create your CSR application
- Step 3: Submit your application to the Certificate Authority
- Step 4: Certificate Authority issues the certificate
This is a great but very simple overview of the process. The exact step-by-step instructions will vary wildly depending on your web hosting environment. The first two steps take place in your web hosting environment. If you get stuck you’ll need to contact your web hosting provider support team for help generating your keys or the CSR application.
Some web hosts will have a management control panel that will greatly simplify these steps. If not, you’ll need SSH/telnet access to the web server to manually generate the keys and CSR.
Using a Control Panel
- In the control panel, find and click the TLS/SSL Manager icon.
- Click on Generate, view, upload or delete your private keys.
- Under the Generate a New Key section: select your Primary domain from the drop-down list, select the Key Size (2048 or 1024) and click the Generate button.
- Your private key will be displayed. Click Return to SSL Manager.
- Click the Generate, view, or delete SSL certificate signing requests
- Choose the host from the drop-down menu, enter the required information below and click the Generate button.
- Your CSR application will be displayed. If the CSR looks blank, click back and correct any information.
- Copy your CSR and submit it through the Shopp Store Trust Services SSL Certificate Setup tool.
- In the Plesk Server Administrator, select the domain name you want to secure with SSL.
- In the Domain Administration page, if you have an IP based hosting account the Certificate button will appear. You must have IP based hosting to continue. Click the Certificate button.
- In the SSL certificate setup page enter the requested Certificate Information and click the Request button.
- Plesk will email your CSR to the email address you provided. The email includes two sections – the RSA Private Key and the Certificate Signing Request. Do not lose the RSA Private Key, you will need it later.
For Direct Admin
- Select User Level access using the Access Level menu on the right.
- Click on SSL Certificates under the Advanced Features section.
- Select the option Create a Certificate Request, enter the requested information and click Save.
- The CSR will be displayed with the RSA Private Key. It is very important that you make a backup of the CSR and Private Key!
Manually Generating a CSR and private key
You will need to SSH or telnet into your web server. Ask your web hosting provider customer service team for SSH or telnet access into your server.
Generate a private key and a public Certificate Signing Request (CSR) by using the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out request.csr
This creates a two files. The file
server.key is the private key – carefully protect your private key. In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is integral in the SSL process. The
request.csr is your signed application for an SSL certificate (Certificate Signing Request).
Entering data for the CSR
You will be asked to enter data for your CSR. Please enter your company’s location information into the country, state, and locality fields.
If you are an international customer in a country which does not have states, you may use your country name in the state field.
Please spell out all state and city names. For example, if your company is in Texas, please use Texas rather than TX.
When you arrive at the step which asks for your organization’s name, please use your company’s full name, including any suffixes such as Inc or LLC. You may specify a company department, or simply Web in the organizational unit field.
For the common name, this is where you enter the full web address of your site. For example, www.yourdomain.com and yourdomain.com are acceptable while http://www.yourdomain.com is not. If your certificate is for an intranet server, you may use the name of the server on your internal network. When ordering a Wildcard SSL certificate use the form *.yourdomain.com.
You can also set a password for the private key. If you do choose to set a password, your private key will be useless if you forget the password. In addition, you will be required to provide this password to Apache each time it starts.
Submit the CSR
Once your CSR is ready, you can copy and paste the contents of the CSR file into the Shopp Store Trust Services SSL Certificate Setup tool.