How to Generate a Certificate Signing Request (CSR) in cPanel
A Certificate Signing Request (CSR) is an encrypted text block that contains your domain information and public key. You must generate a CSR and provide it to your Certificate Authority (CA) when purchasing or renewing an SSL certificate. This guide details the process.
Step 1: Accessing the SSL/TLS Feature
- Log in to your cPanel control panel.
- Scroll down to the Security section and click on the SSL/TLS link.
- On the SSL/TLS page, locate the section titled Certificate Signing Requests (CSR) and click on the link labeled Generate, view, or delete SSL certificate signing requests.
Step 2: Entering Domain and Contact Details
- Fill in the required fields with accurate information. This information will be included in your SSL certificate.
- For the Domains field, enter the fully qualified domain name (FQDN) for which the certificate will be issued (e.g., yourdomain.com). If you are generating a Wildcard CSR, enter an asterisk before the domain name (e.g., .yourdomain.com).
- Complete the remaining fields: City, State/Province, Country, Company, Company Division (optional), and Email.
- Provide a descriptive Passphrase. While cPanel may not strictly require this for the generation process, some CAs might, and it is helpful for organizing your requests.
Step 3: Generating the CSR and Private Key
- Select the Key Size. The industry standard is 2,048 bits. It is advisable to use this size unless your Certificate Authority specifies otherwise.
- Click the Generate button. cPanel will now create two pieces of text: the Certificate Signing Request (CSR) and the Private Key.
- Copy the entire text from the CSR box, including the BEGIN and END lines. This is the text you will paste into your Certificate Authority’s order form.
Troubleshooting and Advice
Troubleshooting the CSR generation process often involves ensuring the data entered is correct, particularly the domain name.
1. Private Key Safety: The Private Key is generated automatically along with the CSR and stored securely by cPanel. You must never share this Private Key with anyone, especially not your Certificate Authority. If the Private Key is compromised, the security of your future SSL certificate is also compromised.
2. Common Name Errors: Ensure the domain name (Common Name) in the CSR exactly matches the domain you intend to secure. For example, if the certificate is for mail.yourdomain.com, the CSR must specify mail.yourdomain.com, not just yourdomain.com.
3. Verifying the CSR: Before submitting the request, you can use an online CSR Decoder tool. Pasting the generated CSR into one of these tools will confirm that all the organization and domain details you entered are correctly embedded in the request. This avoids delays with the Certificate Authority.
4. Keep a Backup: After the key generation, you will see an option to download a copy of the Private Key. While cPanel stores it, it is wise to download and securely store a backup copy in a safe, encrypted location outside of your cPanel account.
