Table of Contents
Generating Your CSR
In order to activate your SSL Certificate, you need to generate a CSR (Certificate Signing Request).
This is an encrypted text block that uniquely specifies who you are, and especially the domain name (and subdomain or wildcard) that you want to use for the certificate. You need to use specific software to generate a CSR, and you will need to copy and paste the resulting block into the web form to activate your request.
Here are a two popular programs for generating a CSR. You will need to specify the software used when you generate it during the certificate creation process on our website, so it's a good idea to do this all in one session so you can keep track.
Generating your CSR with Apache/ModSSL (based on OpenSSL)
If you use the certificate with our Simple Hosting offer, your key can only be 2048 bits.
We recommend that you add the intermediate certificate, as well as the cross-signed certificate to your server, in order to reduce the risk of web browser incompatibility.
Generating your CSR
To generate a CSR (SHA-2):
openssl req -nodes -newkey rsa:2048 -sha256 -keyout myserver.key -out server.csr
This process creates two files: a public .csr file, and a private .key file that absolutely must be kept secret.
When you run the command, it will ask you a series of questions. Here are some sample responses:
Country Name (2 letter code) [AU]: US State or Province Name (full name) [Some-State]: Minnesota Locality Name (eg, city) : Moorhead Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Inc. Organizational Unit Name (eg, section) : IT Common Name (eg, YOUR name) : subdomain.example.com Email Address : A challenge password : An optional company name :
The optional company name and challenge password lines are optional.
We recommend that you enter an Email Address. It is optional.
subdomain.example.com indicates the subdomain that you want to protect. This is the most important part.
Multidomain certificate can not be used in this way: you have to declare each domain or subdomain you want to cover. In otherwords, if you have a multidomain certificate and secure the bare domains, they will not also secure the corresponding www subdomains.
The content of the CSR file is what you need to activate your certificate. You can simply display it and copy-paste it into the validation screen. The command:
will show you the block of text:
-----BEGIN CERTIFICATE REQUEST----- ...encrypted text... -----END CERTIFICATE REQUEST-----
Make sure to copy the entire block, including the Begin and End lines.
You can display the content of your KEY file using the following command :
Of course replace “myserver” by the name you gave to the file if different.
Generating your CSR on Simple Hosting
You can generate your CSR and Private Key on your Simple Hosting instance by connecting to the SSH Console.
Navigate to the /srv/data/tmp folder:
$ cd /srv/data/tmp
And then run the openssl command described above.
Generating your CSR With Microsoft IIS
In the Windows “control panel” → “administration tools”, select IIS management.
Right-click on the website in question and then select “properties”.
From the “Directory Security” tab, click on “Server certificate”, and choose “Create a new certificate”, then “Prepare the request now but send it later”.
The creation form now requests the same information as listed for OpenSSL (see above). Fill in the fields appropriately, paying close attention to the subdomain, domain, and wildcard specification as appropriate.
Indicate the file where your CSR will be saved at the end of the process. You will need to copy and paste the contents of the file during the activation of the certificate on Gandi's website.