{"id":3026,"date":"2024-06-24T14:45:44","date_gmt":"2024-06-24T09:15:44","guid":{"rendered":"https:\/\/www.nettigritty.com\/kb\/?p=3026"},"modified":"2026-04-27T11:05:43","modified_gmt":"2026-04-27T05:35:43","slug":"how-to-generate-a-certificate-signing-request-csr","status":"publish","type":"post","link":"https:\/\/www.nettigritty.com\/kb\/cpanel\/how-to-generate-a-certificate-signing-request-csr\/","title":{"rendered":"How to generate a Certificate Signing Request (CSR)"},"content":{"rendered":"<p>A Certificate Signing Request (CSR) is a block of encoded text that is given to a Certificate Authority (CA) when applying for an SSL certificate. It includes information such as the organization name, common name (domain name), locality, and country. Here\u2019s a step-by-step guide on how to generate a CSR:<\/p>\n<h3>Generating a CSR in cPanel<\/h3>\n<ol>\n<li><strong>Log into cPanel:<\/strong> Use your cPanel login credentials to access the control panel.<\/li>\n<li><strong>Navigate to the SSL\/TLS Section:<\/strong> Look for the &#8220;SSL\/TLS&#8221; option under the &#8220;Security&#8221; section and click on it.<\/li>\n<li><strong>Generate a New CSR:<\/strong> Click on &#8220;Generate, view, or delete SSL certificate signing requests.&#8221;<\/li>\n<li><strong>Fill Out the CSR Form:<\/strong> Enter the necessary information in the form:\n<ul>\n<li><strong>Domains:<\/strong> Enter the fully qualified domain name (e.g., <a href=\"http:\/\/www.example.com\" target=\"_new\" rel=\"noreferrer noopener\">www.example.com<\/a>).<\/li>\n<li><strong>City:<\/strong> Enter the city where your organization is located.<\/li>\n<li><strong>State:<\/strong> Enter the state where your organization is located.<\/li>\n<li><strong>Country:<\/strong> Select your country from the dropdown list.<\/li>\n<li><strong>Company Name:<\/strong> Enter the legal name of your organization.<\/li>\n<li><strong>Company Division:<\/strong> Enter the division of your organization (e.g., IT).<\/li>\n<li><strong>Email:<\/strong> Enter a valid email address.<\/li>\n<li><strong>Passphrase:<\/strong> Enter a passphrase if desired (optional).<\/li>\n<li><strong>Description:<\/strong> Add a description if needed (optional).<\/li>\n<\/ul>\n<\/li>\n<li><strong>Generate the CSR:<\/strong> After filling out the form, click on the &#8220;Generate&#8221; button. cPanel will create the CSR and display it on the next screen. You can copy and save it for later use when requesting your SSL certificate.<\/li>\n<\/ol>\n<h3>Steps to Generate a CSR in WHM<\/h3>\n<ol>\n<li><strong>Log into WHM:<\/strong> Use your WHM login credentials to access the control panel.<\/li>\n<li><strong>Navigate to the SSL\/TLS Section:<\/strong> In the WHM home interface, locate the &#8220;SSL\/TLS&#8221; section.<\/li>\n<li><strong>Generate a New CSR:<\/strong> Click on &#8220;Generate an SSL Certificate and Signing Request.&#8221;<\/li>\n<li><strong>Fill Out the CSR Form:<\/strong> You will be presented with a form to enter the necessary information:\n<ul>\n<li><strong>Key Size:<\/strong> Select 2048 bits (recommended).<\/li>\n<li><strong>Domains:<\/strong> Enter the fully qualified domain name (e.g., <a href=\"http:\/\/www.example.com\" target=\"_new\" rel=\"noreferrer noopener\">www.example.com<\/a>).<\/li>\n<li><strong>City:<\/strong> Enter the city where your organization is located.<\/li>\n<li><strong>State:<\/strong> Enter the state where your organization is located.<\/li>\n<li><strong>Country:<\/strong> Select your country from the dropdown list.<\/li>\n<li><strong>Company Name:<\/strong> Enter the legal name of your organization.<\/li>\n<li><strong>Company Division:<\/strong> Enter the division of your organization (e.g., IT).<\/li>\n<li><strong>Email:<\/strong> Enter a valid email address.<\/li>\n<li><strong>Passphrase:<\/strong> Enter a passphrase if desired (optional).<\/li>\n<\/ul>\n<\/li>\n<li><strong>Generate the CSR:<\/strong> After filling out the form, click on the &#8220;Create&#8221; button. WHM will generate the CSR along with the private key.<\/li>\n<li><strong>View and Copy the CSR:<\/strong> WHM will display the CSR and the private key. You can copy the CSR text and save it to a file or directly use it to apply for an SSL certificate from a Certificate Authority (CA).<\/li>\n<\/ol>\n<h3>Generating a CSR in Plesk<\/h3>\n<ol>\n<li><strong>Log into Plesk:<\/strong> Use your Plesk login credentials to access the control panel.<\/li>\n<li><strong>Navigate to the Websites &amp; Domains Section:<\/strong> Select the domain you want to generate a CSR for.<\/li>\n<li><strong>Open SSL\/TLS Certificates:<\/strong> Click on &#8220;SSL\/TLS Certificates&#8221; under the domain you selected.<\/li>\n<li><strong>Add a New Certificate:<\/strong> Click on the &#8220;Add SSL\/TLS Certificate&#8221; button.<\/li>\n<li><strong>Fill Out the Certificate Information:<\/strong> Enter the necessary information in the form:\n<ul>\n<li><strong>Certificate Name:<\/strong> Enter a name for your certificate.<\/li>\n<li><strong>Bits:<\/strong> Choose the key size (2048 is recommended).<\/li>\n<li><strong>Country:<\/strong> Select your country from the dropdown list.<\/li>\n<li><strong>State or province:<\/strong> Enter your state or province.<\/li>\n<li><strong>Location (city):<\/strong> Enter your city.<\/li>\n<li><strong>Organization name (company):<\/strong> Enter your organization\u2019s name.<\/li>\n<li><strong>Organization department or division name:<\/strong> Enter the division of your organization (e.g., IT).<\/li>\n<li><strong>Domain name:<\/strong> Enter the fully qualified domain name (e.g., <a href=\"http:\/\/www.example.com\" target=\"_new\" rel=\"noreferrer noopener\">www.example.com<\/a>).<\/li>\n<li><strong>Email:<\/strong> Enter a valid email address.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Generate the CSR:<\/strong> Click &#8220;Request&#8221; to generate the CSR. Plesk will create the CSR and display it. You can copy and save it for later use when requesting your SSL certificate.<\/li>\n<\/ol>\n<h3>Using OpenSSL on Linux\/Unix\/MacOS<\/h3>\n<ol>\n<li><strong>Install OpenSSL (if not already installed):<\/strong> Most Unix-based systems have OpenSSL pre-installed. You can check by running:\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">openssl version <\/code><\/div>\n<\/div>\n<p>If it\u2019s not installed, you can typically install it via your package manager:<\/p>\n<ul>\n<li><strong>Debian\/Ubuntu:<\/strong>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">sudo apt-get install openssl <\/code><\/div>\n<\/div>\n<\/li>\n<li><strong>Red Hat\/CentOS:<\/strong>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">sudo yum install openssl <\/code><\/div>\n<\/div>\n<\/li>\n<li><strong>MacOS (via Homebrew):<\/strong>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">brew install openssl <\/code><\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Generate a Private Key:<\/strong>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">openssl genrsa -out private.key 2048 <\/code><\/div>\n<\/div>\n<p>This command generates a 2048-bit RSA private key.<\/li>\n<li><strong>Generate the CSR:<\/strong>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">openssl req -new -key private.key -out request.csr <\/code><\/div>\n<\/div>\n<p>You will be prompted to enter information about your organization and domain.<\/li>\n<\/ol>\n<h3>Using OpenSSL on Windows<\/h3>\n<ol>\n<li><strong>Install OpenSSL:<\/strong> Download the Windows installer from the <a href=\"https:\/\/wiki.openssl.org\/index.php\/Binaries\" target=\"_blank\" rel=\"noreferrer noopener\">OpenSSL binaries<\/a> and install it.<\/li>\n<li><strong>Open Command Prompt and Navigate to OpenSSL Directory:<\/strong>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\"><span class=\"hljs-built_in\">cd<\/span> C:\\OpenSSL-Win32\\bin <\/code><\/div>\n<\/div>\n<\/li>\n<li><strong>Generate a Private Key:<\/strong>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">openssl genrsa -out private.key 2048 <\/code><\/div>\n<\/div>\n<\/li>\n<li><strong>Generate the CSR:<\/strong>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">openssl req -new -key private.key -out request.csr <\/code><\/div>\n<\/div>\n<p>Enter the required information when prompted.<\/li>\n<\/ol>\n<h3>Using Windows IIS<\/h3>\n<ol>\n<li><strong>Open IIS Manager:<\/strong> Press <code>Win + R<\/code>, type <code>inetmgr<\/code>, and press Enter.<\/li>\n<li><strong>Navigate to Server Certificates:<\/strong> In the left panel, select your server&#8217;s name, then double-click &#8220;Server Certificates&#8221; in the middle panel.<\/li>\n<li><strong>Create a Domain Certificate Request:<\/strong> In the &#8220;Actions&#8221; pane on the right, click &#8220;Create Certificate Request&#8221;.<\/li>\n<li><strong>Fill Out the CSR Form:<\/strong> Enter the Distinguished Name Properties (common name, organization, etc.) and click &#8220;Next&#8221;.<\/li>\n<li><strong>Choose Cryptographic Service Provider Properties:<\/strong> Select Microsoft RSA SChannel and 2048-bit length. Click &#8220;Next&#8221;.<\/li>\n<li><strong>Save the CSR:<\/strong> Choose a location to save the <code>.csr<\/code> file and click &#8220;Finish&#8221;.<\/li>\n<\/ol>\n<h3>Using Online Tools<\/h3>\n<p>There are also online tools that can generate a CSR for you. One such tool is <a href=\"https:\/\/csrgenerator.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/csrgenerator.com\/<\/a>.<\/p>\n<h3>Information to Include in the CSR<\/h3>\n<p>When generating a CSR, you will typically be asked for the following information:<\/p>\n<ul>\n<li><strong>Common Name (CN):<\/strong> Fully qualified domain name (e.g., <a href=\"http:\/\/www.example.com\" target=\"_new\" rel=\"noreferrer noopener\">www.example.com<\/a>)<\/li>\n<li><strong>Organization (O):<\/strong> Legal name of your organization<\/li>\n<li><strong>Organizational Unit (OU):<\/strong> Division of organization (e.g., IT Department)<\/li>\n<li><strong>City or Locality (L):<\/strong> City where your organization is located<\/li>\n<li><strong>State or Province (ST):<\/strong> State\/province where your organization is located<\/li>\n<li><strong>Country (C):<\/strong> Two-letter country code (e.g., US)<\/li>\n<\/ul>\n<h3>Example of OpenSSL Command with Parameters<\/h3>\n<p>You can also pass the information directly as parameters:<\/p>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csr -subj <span class=\"hljs-string\">\"\/C=US\/ST=California\/L=San Francisco\/O=Example Inc\/OU=IT Department\/CN=www.example.com\"<\/span> <\/code><\/div>\n<\/div>\n<p>This command will generate both the private key and the CSR with the specified details.<\/p>\n<h3>Verifying the CSR<\/h3>\n<p>To verify the contents of the CSR, you can use:<\/p>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-sh\">openssl req -<span class=\"hljs-keyword\">in<\/span> request.csr -noout -text <\/code><\/div>\n<\/div>\n<p>This command displays the contents of the CSR in a human-readable format.<\/p>\n<h3>After Generating the CSR<\/h3>\n<ul>\n<li><strong>Save the CSR and Private Key:<\/strong> Ensure you save the CSR and private key in a secure location. You will need the private key when you install the SSL certificate.<\/li>\n<li><strong>Submit the CSR to a CA:<\/strong> Provide the CSR to the Certificate Authority from which you are purchasing the SSL certificate. The CA will use the information in the CSR to issue your SSL certificate.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A Certificate Signing Request (CSR) is a block of encoded text that is given to a Certificate Authority (CA) when applying for an SSL certificate. It includes information such as the organization name, common name (domain name), locality, and country. Here\u2019s a step-by-step guide on how to generate a CSR: Generating a CSR in cPanel [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,5,101,112,8,7],"tags":[],"class_list":["post-3026","post","type-post","status-publish","format-standard","hentry","category-cpanel","category-plesk","category-security","category-ssl","category-website","category-windows"],"_links":{"self":[{"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/posts\/3026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/comments?post=3026"}],"version-history":[{"count":5,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/posts\/3026\/revisions"}],"predecessor-version":[{"id":3039,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/posts\/3026\/revisions\/3039"}],"wp:attachment":[{"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/media?parent=3026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/categories?post=3026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/tags?post=3026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}