How do I Generate a CSR (Certificate Signing Request)?

Applies to: Grid
- Difficulty: Easy
- Time Needed: 10
- Tools Required: Account Center access
Applies to: Legacy DV & VPS Hosting
- Difficulty: Easy
- Time Needed: 10
- Tools Required: Plesk administrator access
Applies to: VPS Hosting
- Difficulty: Easy
- Time Needed: 10
- Tools Required: Plesk administrator access
Applies to: DV 4.0
- Difficulty: Easy
- Time Needed: 10
- Tools Required: Plesk administrator access
Applies to: Managed WordPress
- Difficulty: Medium
- Time Needed: 20
- Tools Required: SSH access
Applies to: Shared Hosting
- Difficulty: Easy
- Time Needed: 10
- Tools Required: Account Center access, cPanel access

Applies to: AWS
- Difficulty: Easy
- Time Needed: 10
- Tools Required: AWS Acces

Overview

You may be asked to generate a Certificate Signing Request, or CSR, if you are purchasing an SSL certificate through a third party certifying authority. Once generated, you will need to submit that CSR to your third party provider, who will then create an SSL certificate for you.

TIP:
Already have an SSL certificate? You may be able to skip generating a CSR and simply import your certificate and private key.

See Installing an SSL Certificate for details.

Instructions

Log into cPanel for your domain.
Click SSL/TLS.
Under Certificate Signing Requests (CSR), click Generate, view, or delete SSL certificate signing requests.
Fill out the appropriate CSR information. You can add each additional domain to your CSR on a separate line. When you are finished, click Generate located at the bottom of the page.

Wildcard SSL:
Wildcard certificates secure the common name (example.com) and all subdomains at the level you specify when you submit your request. If you would like to generate a CSR for a wildcard SSL, just add an asterisk (*) in the subdomain area of the domain name (*.example.com).
A CSR and Private Key will be generated.

Before Starting

Please note only Media Temple SSL and GoDaddy SSL certificates are valid for the Managed Wordpress Hosting. Other third-party SSLs are not able to be installed to this server type. The following guide only applies to generating a CSR for GoDaddy. Media Temple SSLs already come with a CSR generated for you.

Note:
If you wish for assistance in generating a CSR, feel free to contact Support directly by opening a support request, starting a chat, or by calling us at 1.310.841.5500 and we'll be happy to assist you.

Generating a GoDaddy CSR

1. Connect to your site via SSH.

2. Run the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout insertname.key -out insertname.csr

3. Enter the requested information:

Common Name: The domain name or URL you wish to secure.
Exclude using "www" (using just example.com will secure BOTH example.com and www.example.com). For Wildcard SSLs use an asterisk (*.example.com)
Organizational Unit: If applicable.
City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
State or Province: Name of the state or province where your organization is located. Do not abbreviate.
Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.

3. A Private Key (.key) and CSR (.csr) will be generated in the directory you ran the previous command from.

4. You can check the validity of these files by running the following commands:

openssl rsa -in insertname.key -check
openssl req -in insertname.csr -noout -text

5. Continue with the SSL installation process by following the article: Installing a GoDaddy SSL

Instructions

1. Sign into the Account Center.
2. In the Overview page, click on the blue Admin button for your Grid server.

3. After clicking the Admin button, you will be taken to the Server Overview screen. Look towards the left site to find Sites and select your desired domain.

4. After clicking on the Sites button, look for the Site Tools box and select SSL Options.

Note: If you are ordering a certificate from (mt) Media Temple, a CSR is automatically generated for you during the ordering process, and you can proceed with the Grid automatic SSL certificate installation.

5. Click on the Generate CSR button, fill out the required fields with details about your organization and domain, then click the click the Generate button when you are finished.

Wildcard SSL: Media Temple services support Wildcard SSLs. Wildcard certificates secure the common name (example.com) and all subdomains at the level you specify when you submit your request. In order to generate a CSR for a wildcard SSL, just add an asterisk (*) in the subdomain area to the left of the common name (*.example.com).

6. The page will reload when your CSR is finished generating. Submit it to the Certificate Authority (CA) and they will sign a certificate for you.
csr

Make sure to copy the text that starts with the line -----BEGIN CERTIFICATE REQUEST----- and ends with the line -----END CERTIFICATE REQUEST----- to capture the entire CSR.

7. Once you receive the certificate from your signing authority, follow this guide to install your SSL certificate.

(gs) Grid Service

Certain Grid servers like the (gs) Grid Service may not see the same options above and will instead want to do the following:

1. Sign into the Account Center.
2. In the Overview page, click on the name of the specific domain or subdomain that you wish to generate the CSR for.
3. Select the SSL Certificate icon.
ssl_cert_grid

4. Click on the Generate CSR button.

Instructions

Plesk

Log into to Plesk Control Panel for your desired domain.
Select SSL/TLS Certificates.
Select Add SSL/TLS Certificate.
Fill out the Certificate Request form with all relevant data for your website, then click Request.

Wildcard SSL:
Wildcard certificates secure the common name (example.com) and all subdomains at the level you specify when you submit your request. If you would like to generate a CSR for a wildcard SSL, just add an asterisk (*) in the subdomain area of the domain name (*.example.com).
An entry for your CSR will be generated. Click on the certificate/csr name to continue.
To view the CSR, scroll down to the CSR and Private Key sections.

cPanel

Note: This following guide was made using the cPanel theme "paper_lantern." If you are using a different theme, your visuals/instructions may vary.

Log into the cPanel account for the desired domain.
Click SSL/TLS.
Under Certificate Signing Requests (CSR), click Generate, view, or delete SSL certificate signing requests.
Fill out the appropriate CSR information. Then click Generate located at the bottom of the page.

Wildcard SSL:
Wildcard certificates secure the common name (example.com) and all subdomains at the level you specify when you submit your request. If you would like to generate a CSR for a wildcard SSL, just add an asterisk (*) in the subdomain area of the domain name (*.example.com).
A CSR and Private Key will be generated at this time.

Instructions

Plesk 10.3.1 and newer, with SNI support enabled

If you are using the Power User Panel, you can get to the SSL certificate section of your webspace by following the instructions below:

Log into the Plesk Control Panel for your domain.
From the row of tabs at the top, select Websites & Domains.
Click on Secure Your Sites.

If you are using the Service Provider Panel, you can get to the SSL certificate section of your subscription by following the instructions below:

Log into the Plesk Server Administrator Panel.
From the left-menu, click on Domains from the Hosting Services section.
Click on Manage Hosting or Open in Control Panel for the domain you are installing the SSL certificate.
From the row of tabs at the top, select Websites and Domains..
Click on Secure Your Sites.

Plesk 10.2 and older

If you are using the Power User Panel, you can get to the SSL certificate section of your server by following the instructions below:

Log into the Plesk Control Panel for your domain.
From the row of tabs at the top, select the Server tab.
Under Tools & Resources, click on SSL Certificates.

If you are using the Service Provider Panel, you can get to the SSL certificate section of your subscription by following the instructions below:

Log into the Plesk Server Administrator Panel.
From the left-menu, click on Tools & Settings.
Under Tools & Resources, click on SSL Certificates.

Generating the CSR

Once you are at the SSL Certificates screen, continue with generating the Certificate Signing Request by following the instructions below.

Click on the Add SSL Certificate icon.
Specify the certificate properties:

Certificate name. This will help you identify this certificate in the repository.

Your location and organization name. The values you enter should not exceed the length of 64 symbols.

Domain name. The domain name for which you want to purchase an SSL certificate. This should be a fully qualified domain name. For this example, we use: dv-example.com.

Email. The website administrator's e-mail address.

Double-check to ensure that all the provided information is correct and accurate, as it will be used to generate your private key.

Click the Request button. Your private key and certificate signing request will be generated and stored in the repository.

In the list of certificates, click the name of the certificate you just created. A page showing the certificate properties opens.

Locate the CSR section on the page, and copy the text that starts with the line -----BEGIN CERTIFICATE REQUEST----- and ends with the line -----END CERTIFICATE REQUEST----- to the clipboard.

Submit your CSR to your third-party certifying authority. Fill out any information they require. When you fill in the server type, select Apache or Apache OpenSSL, whichever is available.

Verisign - choose Apache

Thawte - choose Apache_OpenSSL

GeoTrust - choose Apache + Open SSL

It may take a few days for the certifying authority to process your request. If you have questions about the status of your request, please contact your third-party vendor.

Obtain your certificate, and any required chain certificates, from your certifying authority. You may be prompted to download something called a bundle. Do so, unzip it if necessary, and open it. You will likely have one certificate and up to three chain certificates inside. You can open these files in a plain text editor, such as Notepad or TextEdit, for easy copying and pasting. Chain certificates are also called CA certificates. Import your certificate and any chain certificates using the instructions found here: Manually installing an SSL certificate

Overview

Media Temple will install a certificate that you provide to us or help you obtain one from AWS. If you don't already own a certificate, you will need a Certificate Signing Request (CSR) to purchase one. We can generate the CSR for you with information you provide. It's important the information you provide is accurate - you will usually not be able to make changes after you purchase your certificate.

To create a CSR for you, we will need you to send us the following information:

Common Name: The fully-qualified domain name, or URL, you're securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
Organization Unit: If applicable, enter the DBA (doing business as) name.
City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
State or Province: Name of the state or province where your organization is located. Do not abbreviate.
Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.

After you provide us that information, we will create the CSR and send it to you. You can then take the CSR to an SSL vendor who will use that information to generate your certificate. There are many types of certificates. If you're unsure about what kind you need, please discuss it with us.

After you've purchased your certificate, the SSL vendor will provide you with files that contain it. Please send the certificate files to us in a ticket (the one where you requested the CSR is ideal) and we will be happy to install it for you.

Resources

How do I Generate a CSR (Certificate Signing Request)?

Browse by products and services

Legacy DV and VPS Hosting

Grid Hosting

Shared Hosting

Legacy Managed WordPress

Fully Managed Cloud on AWS

VPS Hosting

Overview

Instructions

Before Starting

Generating a GoDaddy CSR

Instructions

(gs) Grid Service

Instructions

Plesk

cPanel

Instructions

Plesk 10.3.1 and newer, with SNI support enabled

Plesk 10.2 and older

Generating the CSR

Overview

Resources

Article Contents: