Webhosting – Own SSL (HTTPS) Certificate

  Web Hosting

This article deals with generating a CSR request and a private key for an SSL (HTTPS) certificate. If you want to activate HTTPS automatically with a Let’s Encrypt certificate on your Webhosting, follow the instructions in the article Webhosting – Quick HTTPS Setup.

In this article, you will learn:

Generate Private Key and CSR

The first step to generate your own certificate is to generate a private key and submit a CSR (Certificate Signing Request). You can submit this request, for example, via an online CSR Generator. Please read the warning instructions carefully before submitting the form.

If you want to generate the private key and CSR yourself, you can use the Linux OpenSSL tool. In the terminal, do the following:

  1. Generate private key:
  2. openssl genrsa -out private_key.key 2048
  3. Generate CSR:
  4. openssl req -new -key private_key.key -out CSR_request.csr
  5. Fill in the required information. The certification authority will verify this information before issuing the certificate. Pay special attention to these items:
    • Country Name (2 letter code)
    • State or Province Name (full name)
    • Locality Name (eg, city)
    • Organization Name (eg, company)
    • Common Name (e.g. server FQDN or YOUR name) (Web/domain name)
    • Email Address

The system generates the private key and the request and stores them in unencrypted files private_key.key and CSR_request.csr.

Save the private key file in a safe place, ideally on an external drive dedicated only for this purpose.

Generate Certificate

WEDOS does not offer or broker the issuance of certificates (other than the Let’s Encrypt certificate).

We recommend contacting a reliable intermediary who will help you obtain a certificate, because it may not always be a simple and easy-to-understand matter.

Request a certificate for the domain name you use in your website’s URLs. If the names do not exactly match, the communication will be encrypted but not trusted (the browser will display a warning).

If you need to secure multiple subdomains, request a “wildcard” certificate *.domain.tld.

You can secure multiple domains (aliases) with a SAN (Subject Alternative Name) certificate.

Own Certificate on Webhosting

After obtaining the certificate, enter it in the administration panel with the following steps:

  1. Log in to the customer administration panel.
  2. In the navigation bar, select Web & Email Hosting Webhosting.
  3. Choose the Webhosting to set up SSL on.
  4. In the left menu, select HTTPS.
  5. Choose HTTPS with Own Domain Certificate (SNI).
  6. Enter the priváte key and certificate, both in PEM format.
  7. Click the Change button.
Sample HTTPS Setup with Custom Certificate on Domain (SNI)

The certificate settings will typically take effect within 90 minutes.

FAQ

Question: How do I create a CSR request for both the domain and subdomains?
Odpověď: Enter only the domain name in the CSR request. A quality certification authority or intermediary will complete the details of the certificate based on the selected variant (wildcard, SAN, …) during verification.

Děkujeme za zpětnou vazbu!