Web hosting – setting up your own SSL certificate


This article explains how to obtain and install your own SSL certificate. We will go through the CSR, the certificate keys and the WEDOS web hosting settings. If you prefer automatic SSL setup and renewal, follow the HTTPS at web hosting manual.


Private key and CSR request

The first step towards your own SSL certificate is to create a private key and a CSR (Certificate Signing Request). You can create the CSR in, for example, an online CSR generator, or use the CSR generator provided by your chosen certificate authority. Follow all its instructions.

To create the private key and the CSR on your own computer, use the OpenSSL tool on Linux:

  1. Create a private key:
       openssl genrsa -out private_key.key 2048
  2. Create a CSR:
       openssl req -new -key private_key.key -out CSR_request.csr
  3. Fill in all required information. The certification authority may need to verify your details, so make sure this information is valid:
    • Country Name (2 letter code): country code, 2 symbols
    • State or Province Name (full name): full country name
    • Locality Name (eg, city): city name
    • Organization Name (eg, company): full name
    • Common Name (e.g. server FQDN or YOUR name): your domain
    • Email Address: your e-mail
Example: CSR information for the wds-test.cz domain
Country Name (2 letter code) [AU]: CZ
State or Province Name (full name) [Some-State]: Cesko
Locality Name (eg, city) []: Hluboka nad Vltavou
Organization Name (eg, company) [Internet Widgits Pty Ltd]: WEDOS INTERNET a.s.
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []: wds-test.cz
Email Address []: admin@wds-test.cz
A challenge password []:
An optional company name []:

OpenSSL creates the private key and the CSR and saves them to the private_key.key and CSR_request.csr files. Keep the private key file in well-secured storage; the best option may be an external drive used only for this file.
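
The two OpenSSL steps above can also be run without the interactive prompts and then checked, so that the key never leaves your computer and you know the CSR really belongs to it. This is an added example, not part of the original WEDOS manual; the function names are made up for illustration and the subject values are the article's wds-test.cz sample.

```shell
#!/bin/sh
# Added example, not WEDOS code. File names and subject values are the
# article's wds-test.cz sample; replace them with your own details.
SUBJ="/C=CZ/ST=Cesko/L=Hluboka nad Vltavou/O=WEDOS INTERNET a.s./CN=wds-test.cz/emailAddress=admin@wds-test.cz"

# make_key_and_csr <dir>: steps 1 and 2 without the interactive prompts.
make_key_and_csr() {
    # umask 077 makes the key file readable by its owner only.
    ( umask 077 && openssl genrsa -out "$1/private_key.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/private_key.key" -out "$1/CSR_request.csr" -subj "$SUBJ"
}

# pubkey_digest: SHA-256 over the DER public key read from stdin (PEM).
pubkey_digest() { openssl pkey -pubin -outform DER | openssl dgst -sha256; }

# csr_matches_key <csr> <key>: exit status 0 when the CSR's self-signature
# verifies and the CSR carries the public key of the given private key.
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_fp=$(openssl req -in "$1" -noout -pubkey | pubkey_digest)
    key_fp=$(openssl pkey -in "$2" -pubout | pubkey_digest)
    [ -n "$csr_fp" ] && [ "$csr_fp" = "$key_fp" ]
}

# Run with --run to create both files in the current directory and check them.
if [ "${1:-}" = "--run" ]; then
    make_key_and_csr . && csr_matches_key CSR_request.csr private_key.key \
        && echo "CSR_request.csr matches private_key.key"
fi
```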

Issue a certificate

WEDOS does not issue certificates itself (we only run an automated system for the Let’s Encrypt authority). To secure your website, we recommend choosing a trustworthy certificate authority, e.g.:

Request a certificate for your domain name. The URL must exactly match a domain name in the certificate. If you use subdomains, list them in the certificate request. Note that www is also a subdomain, so there should usually be at least two domain names (the www and the non-www version). To secure a large number of subdomains, ask for a wildcard certificate (*.domain.tld).

A certificate can usually be issued for multiple domain names (ideal when using our multihosting).

Example: the wds-test.cz domain certificate

A certificate for wds-test.cz works for the URL https://wds-test.cz only. It does not work for https://www.wds-test.cz, because the www subdomain is not included in the certificate.

A certificate for www.wds-test.cz works only for https://www.wds-test.cz. It does not work for https://wds-test.cz or for any other subdomain, because it is issued only for the www subdomain of the wds-test.cz domain. Note that this situation will cause problems for many of your visitors, since they may access the non-www URL first, before being redirected.

A certificate for *.wds-test.cz (a star "wildcard" certificate) works for all the subdomains of https://wds-test.cz. It does not work for the domain itself (https://wds-test.cz), because that is not a subdomain. Note that this situation will cause problems for many of your visitors, since they may access the non-www URL first, before being redirected.

Therefore, don’t forget to include both your domain and all subdomains (or a wildcard).
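
The name-matching cases above can be reproduced locally with OpenSSL's own host name check. This is an added example, not part of the original WEDOS manual: it uses throwaway self-signed certificates in place of CA-issued ones, the function names are made up for illustration, and it assumes OpenSSL 1.1.1 or newer. It goes one step beyond the text by also testing a second-level subdomain (a.shop.wds-test.cz), which a wildcard does not cover.

```shell
#!/bin/sh
# Added example, not WEDOS code. Self-signed throwaway certificates stand in
# for CA-issued ones; only the names inside them matter here.
# Assumes OpenSSL 1.1.1 or newer (for -addext).

# make_test_cert <basename> <subjectAltName list>  ->  <basename>.pem
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=name-test" \
        -addext "subjectAltName=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# covers <cert.pem> <hostname>: exit status 0 when the certificate is valid for it.
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# report <cert.pem>: the article's three cases plus one deeper subdomain.
report() {
    for host in wds-test.cz www.wds-test.cz shop.wds-test.cz a.shop.wds-test.cz; do
        if covers "$1" "$host"; then echo "  $host: covered"; else echo "  $host: NOT covered"; fi
    done
}

# Run with --run to print the coverage of each certificate variant.
if [ "${1:-}" = "--run" ]; then
    tmp=$(mktemp -d) || exit 1
    for san in "DNS:wds-test.cz" "DNS:www.wds-test.cz" "DNS:*.wds-test.cz" \
               "DNS:wds-test.cz,DNS:*.wds-test.cz"; do
        echo "Certificate for $san"
        make_test_cert "$tmp/cert" "$san" && report "$tmp/cert.pem"
    done
    rm -rf "$tmp"
fi
```

The same `covers` check works on the certificate file you receive from the certificate authority, before you paste it into the control panel.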

Setting a certificate in the WEDOS Control Panel

When the certificate is issued:

  1. Go to the control panel.
  2. In the top navigation go to Hosting services >> Webhosting.
  3. Choose your web hosting from the list.
  4. In the left menu, go to the HTTPS link.
  5. Choose the HTTPS with your own certificate on the domain (SNI).
  6. Fill in all required information from the files you received from the certification authority. Enter a password only if one is set. Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. Our system will ask for any missing information. The certificate chain is optional.
  7. Save with the Make changes button.
Figure: WEDOS settings for HTTPS with your own certificate on the domain (SNI). Setting your own certificate: private key, certificate, certificate chain.

If set successfully, the certificate will take effect within 90 minutes.

What is a PEM format?

PEM is a format for storing cryptographic data, mainly keys and certificates. Example:

-----BEGIN CERTIFICATE REQUEST-----
MIICvzCCAacCAQAwejELMAkGA1UEBhMCQ1oxEjAQBgNVBAgMCUppaG9jZXNreTEc
MBoGA1UEBwwTSGx1Ym9rYSBuYWQgVmx0YXZvdTEOMAwGA1UECgwFV0VET1MxFjAU
BgNVBAsMDUlUIERlcGFydG1lbnQxETAPBgNVBAMMCHdlZG9zLmN6MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yG2OAF077sioGsrXJjcbdyj/qokX6Xv
vDjKl4k9EtTwOtXuESU+M0XaMpsLRcaiZfe+Z//JsnRJ3o0Q691A3ZAjp7qcu3Yv
kx60cAslxey8Yn2x/+xgbVa/ij9haiQzoBatU+MvHNLzUY+eoJSmWiVptYIQkLEl
gpxM7ZJe6MaqfH5bRVmOk6dS3BfF6vIWwgqmlasQ7Uho/nJD9+3Trf2N7ziVCa3W
EDDb+8MjLAvn6Oyr70Z+ZrI436+nPC8coBtat4BoEA3ScDw5t43VfZmci+RQHYik
CMHnincY660DvYnJ0DRN30MZ0kMDjVzCPPbn9aFvAWxCYzTh/tqIXwIDAQABoAAw
DQYJKoZIhvcNAQELBQADggEBAAs8utyCq6fyVq+/PXXGL9W3URKUfg9VN+JwXXNv
7LlmxMCZbyLWklslltXR/G6YxEVzBcl19Jbtq5t1XV3o/cKK+aE0XXf3jnZ+Jzk3
/F1m+ZcLi2ayj4jhwP6lODWLLrQ+R4S9hL0WanogzR80BzOALQ1uWXgTARPIu/B5
YIYrHLdOAE4abjbKlXAVfXVrhh1D0cEBkmeOCkUISzlh1FxSPuefimEHB0jEVdnC
RkMAFC2mQY/55KBRsqKLqWcjaw603IynR4EDCndX3Z/nODatEqmzJY2pUPZoRYM4
MW04g23EHqjEey45KpMIeMx4P7ZTXhcF39J/C8LtnyKkv28=
-----END CERTIFICATE REQUEST-----

The marker lines at the beginning and the end are informative, but always include them.

Frequently asked questions

Question: How do I create a CSR for a domain and its subdomains?
Answer: Use only your domain name in the CSR. The certificate authority may ask you for a list of subdomains, or it may use the common names automatically.
