< All Topics

SSL Certificates (Secure Sockets Layer) are an important component in ensuring the security and privacy of internet communications. 

Online transactions and interactions have become an integral part of our daily lives, it is more important than ever to protect sensitive information such as credit card numbers, login credentials, and personal details.

What is an SSL Certificate

An SSL/TSL Certificate is a digital accreditation that authenticates websites and encrypts data transmitted between a client and a server, making it virtually impossible for hackers to intercept and read the information.

Certificate Signing Request (CSR) and Public Keys

IMPORTANT NOTE:  Before initiating the process of obtaining a Certificate, a Private Key and CSR pair should be generated from the web server.

Certificate Signing Request (CSR)

A CSR, or Certificate Signing Request, represents the Public Key generated on a server. It serves to validate specific information about the web server and the corresponding company.

Digital IDs

Digital IDs leverage Public Key Cryptography, utilizing both Public and Private Key files. The assurance of the Digital ID’s integrity relies on the exclusive control of the private key by its owner.

Public Key

The Public Key, referred to as a CSR, is the component forwarded to the SSL Provider.

Private Key

The Private Key remains securely stored on the server and must not be disclosed to the public.

SSL Provider

SSL Provider does not have access to the Private Key.

The SSL Provider lacks access to the Private Key, which is generated locally on the client’s server and never transmitted to the SSL provider.

CSR & Private Key Generation

A CSR cannot be generated without creating a Private Key file, while the Private Key file cannot be generated without generating a CSR file. Read up on How to Generate a CSR.

In server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server.

Information to Generate Private Key and CSR

Enter the details below to generate the Private Key and CSR pair from the web server:

  1. Organization Name e.g. My Company
  2. Organizational Unit e.g. My Department
  3. Country Code e.g. US
  4. State or Province e.g. New York
  5. Locality e.g. New York City
  6. Common Name e.g. www.domainname.com


In X.509 terminology, the term “common name” refers to the name that defines the Certificate and associates it with the company. For SSL Web Server Certificates, please input the precise host and domain name that requires security. This could also be the root server or intranet name for the company.

Read up on What Documentation is Required for an EV Certificate.

Example: If you intend to secure www.my-domain-name.co.za, you should input the exact host (www) and domain name in this field.

Certificate Renewals

To renew an SSL Certificate, a new Key and CSR pair must first be generated from the server. The Key needs to be backed up, and the newly created CSR must be submitted through the renewal process.

When renewing an SSL Certificate for any of the Server Software Platforms, there is no need to submit a new or renewal CSR to obtain the renewed Certificate. The previous CSR will be employed for the renewal Certificate. In other words, the renewal Certificate, once issued, will only function with the Private Key file initially submitted to the SSL Provider and used to create the CSR.

Blog – How to Get a Free Domain Name and a Free SSL Certificate

Blog – Web Hosting Security – Top 11 Best Practices

Blog – How To Renew SSL Certificates For A Website

Knowledgebase – Different types of SSL Certificates for enhanced website security

Knowledgebase – What is the Certificate Signing Request (CSR) Process

Knowledgebase – How to Install a SSL Certificate

Knowledgebase – Glossary of Terms – SSL Certificates

Was this article helpful?
Please Share Your Feedback
How Can We Improve This Article?