Certificate Signing Request (CSR)
When requesting an SSL Certificate, a CSR (Certificate Signing Request) is required. The CSR is encrypted text containing information about the certificate that needs to be requested. For each certificate request a new CSR is required. With a CSR you can request a certificate online.
How do I generate a CSR?
How to generate a CSR, depends on the type of server you use. In our Knowledgebase you'll find manuals for generating a CSR, as well as for installing a certificate for the most common servers and network equipment. Please contact us if there are any questions.
What's in a CSR?
A CSR consists of two parts:
- Request information, such as the domain name en the Organisation Name.
- A digital signature with a keysize of at least 2048 bits.
Example of a CSR:
-----BEGIN NEW CERTIFICATE REQUEST-----
<meer regels met gecodeerde data>
-----END NEW CERTIFICATE REQUEST-----
Reuse a CSR
You can download the CSR used for the request in the Control Panel. This way you can easily reuse it a for reissue or renewal. In terms of safety it is advisable to use a new CSR, some webservers (like IIS and Exchange) even require this.
CSR for a Wildcard Certificate
For requesting a Wildcard Certificate, the Common Name must contain a * (asterisk) instead of the subdomain. For example *.yourdomain.com (in stead of sub.yourdomain.com). The asterisk automatically applies to all subdomains, it's not necessary to name these individually.
When requesting a CSR, two keys will be saved on your server: a Private Key and a Public Key. The Private Key must be kept secret and should at all times remain on the server. Without the Private key the certificate does not work. The Public Key will be added in the CSR and will be sent when ordering via our request form. When all validationprocedures are finished the Certification Authority (for example Sectigo) digitally signs the CSR. The issued certificate corresponds with the Private Key and can be validated with that while installing.