How to generate a Certificate Signing Request (CSR)

A Certificate Signing Request (CSR) is a block of encoded text that is given to a Certificate Authority (CA) when applying for an SSL certificate. It includes information such as the organization name, common name (domain name), locality, and country. Here’s a step-by-step guide on how to generate a CSR:

Generating a CSR in cPanel

  1. Log into cPanel: Use your cPanel login credentials to access the control panel.
  2. Navigate to the SSL/TLS Section: Look for the “SSL/TLS” option under the “Security” section and click on it.
  3. Generate a New CSR: Click on “Generate, view, or delete SSL certificate signing requests.”
  4. Fill Out the CSR Form: Enter the necessary information in the form:
    • Domains: Enter the fully qualified domain name (e.g., www.example.com).
    • City: Enter the city where your organization is located.
    • State: Enter the state where your organization is located.
    • Country: Select your country from the dropdown list.
    • Company Name: Enter the legal name of your organization.
    • Company Division: Enter the division of your organization (e.g., IT).
    • Email: Enter a valid email address.
    • Passphrase: Enter a passphrase if desired (optional).
    • Description: Add a description if needed (optional).
  5. Generate the CSR: After filling out the form, click on the “Generate” button. cPanel will create the CSR and display it on the next screen. You can copy and save it for later use when requesting your SSL certificate.

Steps to Generate a CSR in WHM

  1. Log into WHM: Use your WHM login credentials to access the control panel.
  2. Navigate to the SSL/TLS Section: In the WHM home interface, locate the “SSL/TLS” section.
  3. Generate a New CSR: Click on “Generate an SSL Certificate and Signing Request.”
  4. Fill Out the CSR Form: You will be presented with a form to enter the necessary information:
    • Key Size: Select 2048 bits (recommended).
    • Domains: Enter the fully qualified domain name (e.g., www.example.com).
    • City: Enter the city where your organization is located.
    • State: Enter the state where your organization is located.
    • Country: Select your country from the dropdown list.
    • Company Name: Enter the legal name of your organization.
    • Company Division: Enter the division of your organization (e.g., IT).
    • Email: Enter a valid email address.
    • Passphrase: Enter a passphrase if desired (optional).
  5. Generate the CSR: After filling out the form, click on the “Create” button. WHM will generate the CSR along with the private key.
  6. View and Copy the CSR: WHM will display the CSR and the private key. You can copy the CSR text and save it to a file or directly use it to apply for an SSL certificate from a Certificate Authority (CA).

Generating a CSR in Plesk

  1. Log into Plesk: Use your Plesk login credentials to access the control panel.
  2. Navigate to the Websites & Domains Section: Select the domain you want to generate a CSR for.
  3. Open SSL/TLS Certificates: Click on “SSL/TLS Certificates” under the domain you selected.
  4. Add a New Certificate: Click on the “Add SSL/TLS Certificate” button.
  5. Fill Out the Certificate Information: Enter the necessary information in the form:
    • Certificate Name: Enter a name for your certificate.
    • Bits: Choose the key size (2048 is recommended).
    • Country: Select your country from the dropdown list.
    • State or province: Enter your state or province.
    • Location (city): Enter your city.
    • Organization name (company): Enter your organization’s name.
    • Organization department or division name: Enter the division of your organization (e.g., IT).
    • Domain name: Enter the fully qualified domain name (e.g., www.example.com).
    • Email: Enter a valid email address.
  6. Generate the CSR: Click “Request” to generate the CSR. Plesk will create the CSR and display it. You can copy and save it for later use when requesting your SSL certificate.

Using OpenSSL on Linux/Unix/MacOS

  1. Install OpenSSL (if not already installed): Most Unix-based systems have OpenSSL pre-installed. You can check by running:
    openssl version

    If it’s not installed, you can typically install it via your package manager:

    • Debian/Ubuntu:
      sudo apt-get install openssl
    • Red Hat/CentOS:
      sudo yum install openssl
    • MacOS (via Homebrew):
      brew install openssl
  2. Generate a Private Key:
    openssl genrsa -out private.key 2048

    This command generates a 2048-bit RSA private key.

  3. Generate the CSR:
    openssl req -new -key private.key -out request.csr

    You will be prompted to enter information about your organization and domain.

Using OpenSSL on Windows

  1. Install OpenSSL: Download the Windows installer from the OpenSSL binaries and install it.
  2. Open Command Prompt and Navigate to OpenSSL Directory:
    cd C:\OpenSSL-Win32\bin
  3. Generate a Private Key:
    openssl genrsa -out private.key 2048
  4. Generate the CSR:
    openssl req -new -key private.key -out request.csr

    Enter the required information when prompted.

Using Windows IIS

  1. Open IIS Manager: Press Win + R, type inetmgr, and press Enter.
  2. Navigate to Server Certificates: In the left panel, select your server’s name, then double-click “Server Certificates” in the middle panel.
  3. Create a Domain Certificate Request: In the “Actions” pane on the right, click “Create Certificate Request”.
  4. Fill Out the CSR Form: Enter the Distinguished Name Properties (common name, organization, etc.) and click “Next”.
  5. Choose Cryptographic Service Provider Properties: Select Microsoft RSA SChannel and 2048-bit length. Click “Next”.
  6. Save the CSR: Choose a location to save the .csr file and click “Finish”.

Using Online Tools

There are also online tools that can generate a CSR for you. One such tool is https://csrgenerator.com/.

Information to Include in the CSR

When generating a CSR, you will typically be asked for the following information:

  • Common Name (CN): Fully qualified domain name (e.g., www.example.com)
  • Organization (O): Legal name of your organization
  • Organizational Unit (OU): Division of organization (e.g., IT Department)
  • City or Locality (L): City where your organization is located
  • State or Province (ST): State/province where your organization is located
  • Country (C): Two-letter country code (e.g., US)

Example of OpenSSL Command with Parameters

You can also pass the information directly as parameters:

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csr -subj "/C=US/ST=California/L=San Francisco/O=Example Inc/OU=IT Department/CN=www.example.com"

This command will generate both the private key and the CSR with the specified details.

Verifying the CSR

To verify the contents of the CSR, you can use:

openssl req -in request.csr -noout -text

This command displays the contents of the CSR in a human-readable format.

After Generating the CSR

  • Save the CSR and Private Key: Ensure you save the CSR and private key in a secure location. You will need the private key when you install the SSL certificate.
  • Submit the CSR to a CA: Provide the CSR to the Certificate Authority from which you are purchasing the SSL certificate. The CA will use the information in the CSR to issue your SSL certificate.
Was this article helpful?
YesNo