Generating a SAN SSL CSR



  • Applies to: Grid
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: Account Center access
  • Applies to: DV
    • Difficulty: Easy
    • Time Needed: 10
    • Tools Required: Account Center access

Overview

A Subject Alternative Name (SAN) SSL is a specific type of SSL that allows you to secure multiple domains/subdomains with just one SSL. If you are looking to secure just a single domain, you will want to generate a standard CSR. If you purchase a (mt) Media Temple SSL, generating a CSR is not required.

You may be asked to generate a Certificate Signing Request, or CSR, if you are purchasing a SAN SSL certificate through a third party certifying authority. Once generated, you will need to submit that CSR to your third party provider, who will then create an SSL certificate for you.

Because of the unique nature of the SAN SSL, it requires a specific method of generating a CSR, which is outlined below.

STATEMENT OF SUPPORT:
Please keep in mind that troubleshooting the configuration/functionality of third-party applications is not covered by our statement of support. These resources were provided as a courtesy to assist you to the extent of our abilities. For more information on our statement of support, feel free to click here.

 

Instructions

Plesk

For Plesk servers a SAN CSR will need to be generated through SSH.

  1. Connect to your server via SSH.
  2. Using SSH commands, we will first create a directory.
    mkdir /root/cert 
  3. Navigate into the newly created directory.
    cd /root/cert
  4. Create a configuration file called req.conf.
    touch req.conf
  5. Use the vim command to edit the req.conf file.
    vim req.conf
  6. Press the "i" key to enter INSERT mode. This mode will allow you to type in text to this file.


  7. The following is a template that you will want to insert into the req.conf file.

    [req]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no
    [req_distinguished_name]
    C = %country%
    ST = %state%
    L = %city%
    O = %company name%
    OU = %department%
    CN = example.com
    [v3_req]
    keyUsage = keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = www.example.com
    DNS.2 = example.com
    DNS.3 = www.example1.com
    DNS.4 = example1.com

  8. Adjust the template to your needs. Below is an example of what we adjusted to generate our SAN CSR.

    I want to use "www" for my SSL:
    For your Common Name you do NOT need to include "www" in the CSR.
    For your Alternative Name(s) you DO need to include "www" in the CSR.
    If you don't plan to use "www" for your Alternative Names, you do not need to include it.
  9. Press the "esc" key to exit INSERT mode.
  10. Type ":wq" then press the "return" key to save your changes.


  11. Run the following command to generate the certificate.csr and certificate.key files.
    openssl req -new -out certificate.csr -newkey rsa:2048 -nodes -sha256 -keyout certificate.key -config req.conf
  12. The CSR can be verified by running the following command.
    openssl req -text -noout -verify -in certificate.csr
  13. Provide the content within the certificate.csr file to your third-party SSL provider.
  14. Once the SAN SSL has been generated by your third-party SSL provider, you will need the content within the certificate.key during the SSL installation process.
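
The Plesk steps above as one non-interactive script, plus a check that every hostname you expect (including any "www" names) actually appears in the CSR's Subject Alternative Name list before you submit it. This is an added example, not Media Temple's own tooling: the function names are hypothetical, the distinguished name is reduced to CN only, and example.com / example1.com are the article's placeholders.

```shell
#!/bin/sh
# Added example: generate a SAN CSR and confirm which names it carries.

# make_san_csr DIR CN SAN [SAN...]: write req.conf, key and CSR into DIR.
make_san_csr() {
    dir=$1; cn=$2; shift 2
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # private key is created readable by its owner only
        {
            printf '[req]\ndistinguished_name = req_distinguished_name\n'
            printf 'req_extensions = v3_req\nprompt = no\n'
            printf '[req_distinguished_name]\nCN = %s\n' "$cn"
            printf '[v3_req]\nkeyUsage = keyEncipherment, dataEncipherment\n'
            printf 'extendedKeyUsage = serverAuth\n'
            printf 'subjectAltName = @alt_names\n[alt_names]\n'
            i=1
            for name in "$@"; do   # one DNS.N entry per requested name
                printf 'DNS.%d = %s\n' "$i" "$name"
                i=$((i + 1))
            done
        } > req.conf
        openssl req -new -out certificate.csr -newkey rsa:2048 -nodes \
            -sha256 -keyout certificate.key -config req.conf
    )
}

# csr_sans CSR: print the DNS names in the CSR, one per line, in CSR order.
csr_sans() {
    openssl req -in "$1" -noout -text | tr ', ' '\n\n' | sed -n 's/^DNS://p'
}

# csr_missing_sans CSR NAME...: print each expected name absent from the CSR.
csr_missing_sans() {
    csr=$1; shift
    have=$(csr_sans "$csr")
    for want in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Run directly: sh san_csr.sh DIR CN SAN [SAN...]
if [ "$#" -ge 3 ]; then
    make_san_csr "$@" && csr_sans "$1/certificate.csr"
fi
```

Empty output from csr_missing_sans means every name you listed is covered; any name it prints would not be secured by the resulting certificate.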

cPanel

For cPanel servers a SAN CSR can be generated through the UI.

Note: The following guide was made using the cPanel theme "paper_lantern." If you are using a different theme, your visuals/instructions may vary.

  1. Log into the cPanel account for the desired domain.
  2. Click SSL/TLS.

  3. Under Certificate Signing Requests (CSR), click Generate, view, or delete SSL certificate signing requests.

  4. Fill out the CSR form. Then click Generate located at the bottom of the page.


    I want to use "www" for my SSL:
    For your Common Name you do NOT need to include "www" in the CSR.
    For your Alternative Names you DO need to include "www" in the CSR.
    If you don't need "www" for your Alternative Names, you do not need to include it.

  5. A CSR and Private Key will be generated.

  6. Provide the CSR information to your third-party SSL provider.
  7. Once the SAN SSL has been generated by your third-party SSL provider, you will need the Private Key for the SSL installation process.