This article deals with generating a CSR request and a private key for an SSL (HTTPS) certificate. If you want to activate HTTPS automatically with a Let’s Encrypt certificate on your Webhosting, follow the instructions in the article Webhosting – Quick HTTPS Setup.
In this article, you will learn:
- How to generate a private key and CSR
- How to generate a certificate
- How to set up the certificate on Webhosting
- Frequently asked questions
Generate Private Key and CSR
The first step to generate your own certificate is to generate a private key and submit a CSR (Certificate Signing Request). You can submit this request, for example, via an online CSR Generator. Please read the warning instructions carefully before submitting the form.
If you want to generate the private key and CSR yourself, you can use the Linux OpenSSL tool. In the terminal, do the following:
- Generate private key:
- Generate CSR:
- Fill in the required information. The certification authority will verify this information before issuing the certificate. Pay special attention to these items:
- Country Name (2 letter code)
- State or Province Name (full name)
- Locality Name (eg, city)
- Organization Name (eg, company)
- Common Name (e.g. server FQDN or YOUR name) (Web/domain name)
- Email Address
The system generates the private key and the request and stores them in unencrypted files private_key.key and CSR_request.csr.
Save the private key file in a safe place, ideally on an external drive dedicated only for this purpose.
Generate Certificate
WEDOS does not offer or broker the issuance of certificates (other than the Let’s Encrypt certificate).
We recommend contacting a reliable intermediary who will help you obtain a certificate, because it may not always be a simple and easy-to-understand matter.
Request a certificate for the domain name you use in your website’s URLs. If the names do not exactly match, the communication will be encrypted but not trusted (the browser will display a warning).
If you need to secure multiple subdomains, request a “wildcard” certificate *.domain.tld.
You can secure multiple domains (aliases) with a SAN (Subject Alternative Name) certificate.
Own Certificate on Webhosting
After obtaining the certificate, enter it in the administration panel with the following steps:
- Log in to the customer administration panel.
- In the navigation bar, select Web & Email Hosting Webhosting.
- Choose the Webhosting to set up SSL on.
- In the left menu, select HTTPS.
- Choose HTTPS with Own Domain Certificate (SNI).
- Enter the priváte key and certificate, both in PEM format.
- Click the Change button.
The certificate settings will typically take effect within 90 minutes.
FAQ
Question: How do I create a CSR request for both the domain and subdomains?
Odpověď: Enter only the domain name in the CSR request. A quality certification authority or intermediary will complete the details of the certificate based on the selected variant (wildcard, SAN, …) during verification.