How do I generate a CSR Wildcard?

Procédure

What is a CSR Wildcard?

When you want to activate an SSL certificate, you first need to generate a CSR key. A CSR Wildcard is a certificate signature request. It is a block of encrypted text specifying the domain name to be protected and who you are.

If you wish to purchase an SSL certificate, you will first need to generate the CSR key, which you will be asked to do when you sign up for the certificate with the service provider concerned (Trustico, for example).

How do I generate a CSR Wildcard?

To generate the CSR key, you will need SSH access to your server (hosted server or computer running Linux or OS X / macOS or Windows). To generate this key, you need to type the command below in your SSH terminal or command manager:

openssl req -nodes -newkey rsa:2048 -sha256 -keyout myserver.key -out server.csr

To give you a better understanding of the command, its various components are explained below:

• newkey rsa:2048: This generates a CSR request and the private key. 2048 corresponds to 2048-bit RSA encryption.
• sha256: will use the SHA256 algorithm when signing the CSR request.
• keyout myserver.key: Used to save the file containing the private key under the name "myserver.key".
• out serveur.csr: Saves the CSR file in the command directory. You can change the name for ease of use.

Once the command has been typed into your SSH terminal, you will be asked for some identification data. This data is required for verification by the certification authority. This information includes :

• Country Name: this is your country. This must be entered as a code (FR for France, EN for England, for example).
• State or Province Name: This is the region or province in which you live.
• Locality Name: Enter the name of your town or city.
• Organization Name: Although not compulsory for Standard SSL, this is compulsory if you wish to subscribe to a professional SSL certificate. In this field, enter the name of your company and/or the company name.
• Common Name: Enter the domain name for which you want the SSL certificate.
• Email Address: Although this is not compulsory, it is still advisable to enter your email address.
• A challenge password: We recommend that you leave this field blank.
• An optional company Name: As with the previous field, this can be left blank.

When the command is run, two files will be created, a private .key and a public CSR file. Note that the private key must not be divulged. It will also be needed to install the certificate. It is also important to know that this key cannot be replaced or substituted.

Once the CSR has been generated, you will need to copy the contents of this file and paste it into the relevant field of the service provider with whom you wish to subscribe to the SSL certificate. To do this, you can open the file using a text editor or the following command:

cat myserver.csr

It should also be noted that you need to copy/paste the entire file, which also includes the :

-----BEGIN CERTIFICATE REQUEST----- -----END CERTIFICATE REQUEST-----

Conclusion

You can now generate the CSR file and the private key to subscribe to a Paid SSL certificate.

If you have any questions or comments, please let us know.