CSR (Certificate Signing Request) has to be generated on side of the company that provides hosting services for site that you want to secure with SSL certificate.
To Generate A CSR From cPanel/WHM
1. Log in to the WHM as the root user.
2. Access option SSL/TLS from the navigation menu.
3. Click on Generate an SSL Certificate and Signing Request
A form will appear where you have to enter the details necessary to generate an SSL certificate.
We have briefly described the information about every field of this form and the instructions on how to fill them.
- Contact Information
When generating a CSR, we can send a copy of the generated self-signed certificate, the private key and the certificate signing request. Depending on your mail service provider, your mail may be sent over an insecure channel. We do not recommend sending private keys if the email service provider you use does not support secure mail via SSL/TLS.
Email Address:
Provide your email address to receive a copy of the generated certificate, key, and CSR.
Tick the option When complete, email me the certificate, key, and CSR so that you receive the details on email.
- Private Key Options
When the system generates a self-signed certificate and CSR, the system also generates a new private key for the certificate and CSR. To protect the certificate, this key must be confidential. Do not send the private key through an insecure method.
Key Type:
Select the Key type from the dropdown list. We recommend you choose the default 2,048-bit.
- Certificate Information
The information provided below is used to create a self-signed certificate and the corresponding certificate signing request. Since this is the information that users will see when they access a site via SSL, it is important to provide accurate and valid information.
Domains:
Provide the FQDNs that you wish to secure, one per line. Use a domain with www. To create and use a wildcard domain, add an asterisk to the domain name as in the following example: *.domain.com.
NOTE: Many CAs charge a higher price to issue multiple-domain certificates (sometimes called “UCCs” or “SAN certificates”) and certificates that include wildcard domains.
City:
Provide the complete name for the state or province. Do not use abbreviations.
Country:
Choose the country of origin for the certificate’s Company. Select the country from the dropdown.
Company Name:
Provide the legally-registered name for your business. If your company name includes symbols other than a period or comma, check with your certificate authority to confirm that they are acceptable.
Company Division:
Provide the name of the division or group within the above company. If the division includes symbols other than a period or comma, check with your certificate authority to confirm that they are acceptable.
Email:
Email Address where you can be contacted for verification of domain ownership. Most of the certificate authorities (CA) use webmaster@domain.com. Make sure this email address exist on your mail server.
- Shared Secrets
Some certificate authorities may require CSRs to have a passphrase. The certificate authority can use a CSR passphrase to confirm the identity of the person or organization with whom you wish to communicate. CSR passphrases are stored unencrypted in the CSR. Because of this, and also because you will share this passphrase with a third party, do not use an important password here.
Passphrase:
Do not use an important password. Passphrases stored in CSRs are not encrypted, which means third party attackers can easily read these passphrases.
After entering all the information, click the Create button at the end of the form.
The system will process the information you entered to generate an SSL certificate.