Contact Support
Sign In
This article will show you how to generate a CSR for an SSL Certificate. Before you can install an SSL Certificate on your server, you must generate a Certificate Signing Request (CSR). A CSR is required by the Certificate Authority (CA) to validate your website’s identity and ownership before issuing the SSL/TLS certificate.
At Hosted.com®, we aim to make this process simple and secure. Our Support Team can generate a CSR for you, or you can create one yourself on your server. Either way, the CSR ensures your SSL certificate is trusted, protecting your visitors’ data and improving your website’s credibility.
TABLE OF CONTENTS
What is a CSR?
A Certificate Signing Request (CSR) is an encrypted file containing your website’s public key and details about your business or organization. It is submitted to a Certificate Authority (CA) to verify domain ownership and issue a trusted SSL/TLS certificate.
How to install SSL Certificates
You can access video demonstrations for generating CSRs and installing SSL certificates, links to CSR generation for various common servers can be found in our Blog – How to Generate a Certificate Signing Request (CSR)..
A Certificate Signing Request (CSR) is an encoded file that provides you with a standardized way to send the relevant Certificate Authority (CA) your public key as well as some information that identifies your company and domain name – it is required prior to any installation of an SSL on a server.
When configuring your SSL Certificates, the generated CSR will be required to be pasted into the order form.
Here are instructions for generating a CSR for these common platforms:
Once generated, paste the CSR into the Hosted.com® SSL order form to proceed with certificate validation.
Apache Server (OpenSSL):
– Apache Server
– PFX Import/Export
– Ubuntu Server with Apache2Microsoft Exchange Server:
– Exchange 2016
– Exchange 2013
– Exchange 2010Microsoft IIS:
– IIS 10
– IIS 8/8.5
– IIS 7Microsoft Lync:
– Lync 2013
– Lync 2010Tomcat Server (Keytool):
– Tomcat Server
– Java Based ServerNOTE:
If you are generating a CSR for a Wildcard SSL (for sub-domains) – the common name must start with an asterisk, which assumes any name excluding a dot-character (EXAMPLE:*example.com).
For more information, you can read our blog: SSL Certificate – What it is, Why it is Needed, and How to Set It Up.
Additional Information:
Best Practices to Generate a CSR
- Encryption Strength: Use at least a 2048-bit RSA key. For extra protection, consider 3072-bit or 4096-bit.
- Accuracy: Double-check your organization name, domain, and location. Inaccurate information can delay your SSL approval.
- Wildcard & Multi-Domain Certificates: If you need SSL for multiple domains or subdomains, configure your CSR accordingly using Wildcard or SAN (Subject Alternative Name) fields.
- Renewals & Changes: If your business details change (e.g., rebranding) or your server is compromised, revoke or renew your SSL certificate by generating a new CSR.
- Security: Store CSR and private key backups in secure, encrypted formats. Limit access to authorized staff only.
- Compliance: Be aware of compliance requirements (PCI DSS, HIPAA, GDPR, etc.) depending on your industry.
- Server Configuration: After installing your SSL, optimize your server’s SSL/TLS settings. Enable secure protocols, configure strong cipher suites, and implement HTTP Strict Transport Security (HSTS).
What is a Certificate Signing Request?
A Certificate Signing Request (CSR) is a file that includes your website’s public key and other important information about your company and its domain. This kind of file serves as a formal request to a Certificate Authority (CA) for the issuance of an SSL certificate. Before you can install an SSL certificate on your server, you must generate and submit a CSR to the CA, ensuring that your website’s identity and ownership are verified.
The Significance of a CSR
CSRs serve as a mechanism for requesting SSL/TLS certificates, which are essential for establishing trust, encrypting communication, and enhancing the security of websites and online transactions.
They also encode the public key of an entity such as a website or server, along with relevant identification information. This data is securely transmitted to a Certificate Authority (CA) to request the issuance of an SSL/TLS certificate.
Other information included in a Certificate Signing Request CSR are about the organization or individual requesting the certificate, helping CAs verify domain ownership and confirm the legitimacy of the certificate request.
Certificate Signing Requests play a crucial role in establishing trust between users and websites. By obtaining SSL/TLS certificates based on valid CSRs, websites can demonstrate their authenticity and assure users that their connections are secure.
Prerequisites For Generating a CSR
- Organization Name
- Location of the Organization
- Key Type and Size (the minimum is 2048-bit)
- Common Name (EXAMPLE:www.example.com)
IMPORTANT:
If you are generating a CSR for a Wildcard SSL (for sub-domains) – the common name must start with an asterisk, which assumes any name excluding a dot-character (EXAMPLE:*example.com).
When configuring your SSL Certificates, the generated CSR will need to be pasted into the order form.
General Information About CSRs and SSLs
When generating the CSR, it’s important to choose an appropriate encryption strength for the private key. A 2048-bit RSA key is commonly recommended for strong security, but you may opt for higher strengths like 3072-bit or 4096-bit for enhanced protection.
Ensure that the CSR includes accurate information that will remain valid for the duration of the SSL certificate.
If your website requires SSL certificates for multiple subdomains or multiple domains, consider using wildcard or multi-domain certificates. These require additional configuration when generating the CSR to include all relevant domains.
In the event of compromised security or changes to your organization’s information, you may need to revoke or renew your SSL certificate. Understand the process for updating CSRs and obtaining new certificates from your CA.
Safeguard the CSR and private key by securely backing them up. Losing these files could complicate certificate installation or lead to security vulnerabilities. Store backups in encrypted formats and restrict access to authorized personnel only.
Depending on your industry and geographical location, you may need to comply with specific regulations or standards regarding SSL certificate issuance and management. Familiarize yourself with relevant requirements to ensure compliance.
After installing the SSL certificate, review and configure your server’s SSL settings to maximize security. This includes enabling protocols like TLS, configuring cipher suites, and implementing HTTP Strict Transport Security (HSTS) for enhanced protection against attacks.
