Having to generate a CSR (Certificate Signing Request) to the Certificate Authority (CA) is a prerequisite before installing an SSL Certificate on your server, which is necessary to verify your website’s identity and ownership. A CSR is a document with your website’s public key and essential details about your company and domain. It is one of the first steps to get an SSL certificate from a CA.
TABLE OF CONTENTS
How to Generate a CSR
A Certificate Sighing Request is essential for obtaining SSL/TLS certificates, which encrypt data, enhance website security and protect online transactions. SSLs also help increase visitor trust and can improve search engine visibility.
Generating and submitting a CSR to the CA is a prerequisite before installing an SSL certificate on your server, guaranteeing the verification of your website’s identity and ownership.
CSRs provide details about the company or person requesting the certificate, which CAs use to confirm domain ownership and the authenticity of the certificate request for a domain name. They also contain the public and private keys needed for encrypting data transfers between your website and visitors.
To generate a CSR, you will need to provide the following details:
- Business Name
- Business Address
- Key Type and Size (the minimum is 2048-bit)
- Domain Name (EXAMPLE: www.example.co.za).
IMPORTANT: If you generate a CSR for a Wildcard SSL (for sub-domains), the common name must start with an asterisk, which assumes any name excluding a dot-character (EXAMPLE: *example.com).
The generated CSR must be pasted into the order form when configuring your SSL certificates to ensure your domain is secure. Here are links to the instructions for generating a CSR for these common web hosting platforms:
Apache Server (OpenSSL)
Microsoft Exchange Server
Microsoft IIS
Microsoft Lync
Tomcat Server (Keytool)
Domains.co.za will generate a CSR for you and install and configure the SSL certificate for your website when it is issued for you on our server.
Additional Information
Best Practices to Generate a CSR
When you generate a CSR, selecting the right encryption strength for the private key is essential. Typically, a 2048-bit RSA key is recommended for strong security, but higher strengths, such as 3072-bit or 4096-bit, might be chosen for enhanced protection.
Ensure that the CSR includes accurate information that will remain valid for the duration of the SSL certificate’s validity (one year).
If your website requires SSL certificates for various subdomains or multiple domains, think about using wildcard or multi-domain certificates. Just keep in mind that these will need extra configuration when generating the CSR to include all necessary domains.
If there are security breaches or changes within your business, such as domain name change as part of a rebrand, either revoke or renew your SSL certificate. Familiarize yourself with the CSR update process and obtain new certificates from your Certificate Authority (CA).
Protect the CSR and private key by making secure backups; losing these files can hinder certificate installation or lead to security risks. Keep encrypted backups and restrict access to authorised personnel.
Get to know the specific industry regulations and local compliance standards related to SSL certificate issuance and management to guarantee compliance.
After installing the SSL certificate, evaluate and modify your server’s SSL configurations to enhance security. This includes activating protocols such as TLS, setting up cipher suites, and applying HTTP Strict Transport Security (HSTS) to strengthen protection against possible threats.
