CSR (Certificate Signing Request) is needed to generate the SSL certificate. This set of codes has the company information encrypted like your domain name, company name, locality, and country of operation. This set of information is required for SSL activation and validation.
Critical Parts of Using SSL to Secure Website
1. Signing Request is a CSR (Certificate Signing Request) which is needed for your certificate activation.
2. Certificate is a self-signed, non-trusted certificate issued for your domain. It will not be used further.
3. Private Key is a key necessary for decoding during SSL/TLS handshake once your certificate is installed. Keep in mind that the private key should be saved as it is required for installation of the certificate on the server. Do not give it away to anyone
Steps to Generate CSR in WHM/cPanel
1. Log in to cPanel.
2. Click SSL/TLS under Security.
3. Choose RSA, 2048-bit and click Save.
- When generating CSR, please use 2048-bits to satisfy industry standards. This is the default and recommended key type when generating CSR in cPanel.
- If you would like to have a higher level of security, choose 4096 key size. Keep in mind that a bigger key size slows down establishment of an SSL/TLS session and increases load on your server’s central processor unit.
4. Scroll down and click the Generate, view, or delete SSL certificate signing requests link.
5. Enter the following required information in their corresponding field:
- The Common Name is a fully-qualified domain name (FQDN) for which you are going to use your certificate. For example, "www.domain.com".
- Your subdomains may or may not be covered depending on your SSL package. Verify this with your SSL provider.
- If you have a Wildcard certificate, common name for your certificate should be "*.domain.com".
- Sectigo certificate ordered for www.domain.com is issued, signed and works both for domain.com and www.domain.com.
Name of the city in which your organization is registered/located.
Name of a state or province where your organization is located.
Choose the country where the business is operating or registered.
Enter the legally-registered name of your business.
This field is used to differentiate between divisions within a company. For instance, Billing or Information Technologies.
- If you have a certificate with domain validation, it is not necessary to specify Company Name and Company Division. However, the fields must be filled in, do not leave them blank, put there NA instead.
Even if there is no [*] asterisk in this field, enter the email address where you can be contacted for verification of domain ownership.
- It is not obligatory to fill in the field Passphrase. It is created for the challenge password which used to be a shared secret between a certificate applicant and a Certificate Authority. This feature is obsolete nowadays and is not required for your SSL issuance.
- If you put CSR passphrase, make sure include only alpha-numeric characters and do not use any special characters/symbols. Otherwise, you’ll encounter an error.
6. Click Generate.
7. The next page displays three fields (Signing Request, Certificate and Private Key). Copy everything inside the boxes and send it to your SSL certificate provider. It should look like the set of long codes.
Feel free to contact our SSL Support Team if you have further questions.