Creating a CSR

 

Overview

This article explains two ways to create a Certificate Signing Request (CSR) at DreamHost.

Background

A Certificate Signing Request (CSR) is a file you use to request an SSL certificate from a Certificate Authority (CA). The CSR contains information such as your name, address, domain name, and email, along with your public key. The Certificate Authority will then validate the information in the CSR to ensure it's correct before creating your SSL certificate. 

There are two ways to create a CSR at DreamHost:

These instructions are only necessary if you wish to purchase your SSL certificate at another company. The external certificate authority company will then use it to create an SSL certificate for your DreamHost domain.

If you have no reason to purchase the SSL certificate at another company, you can instead add a free or paid SSL certificate within your DreamHost panel.

Requesting a CSR from support

DreamHost support is able to create a CSR for you upon request.

  1. Submit a support request via email on the Contact Support page in your panel. Make sure to clearly state that you need a CSR created for your domain.
  2. Provide the following information to create the CSR:
    • Country Name (2 letter code):
    • State or Province Name (full name – no abbreviations!):
    • Locality Name (e.g., city):
    • Organization Name (e.g., company name):
    • Organizational Unit Name (e.g., company section name):
    • Common Name (e.g., SECURE DOMAIN NAME – do not include http://, https://, or www before the domain name. For example, just type: example.com):
    • Email Address:
  3. Support will create the CSR and respond with instructions on how to download the new CSR file.
  4. Provide this CSR file to the company you are purchasing an SSL certificate from. They will then use the CSR file to order/renew a signed SSL certificate for you to use at DreamHost.

Creating a CSR manually

You are able to manually create a CSR by logging into your server via SSH and running the commands below.

To proceed with these steps, make sure you have you have created a shell user and are able to log into your server via SSH.

  1. Log into your domain via SSH.

    The CSR must be created on the server where the SSL certificate will be used. 

  2. Navigate into your user's home directory:
    [server]$ cd ~
  3. Run the following command to generate a new RSA private key.
    [server]$ openssl genrsa -out private.key 2048
    This creates a file named private.key in the user's home directory. You’ll use this to create the CSR in the next step.
  4. Run the following command to create the CSR. Enter each field with your domain's information.
    [server]$ openssl req -new -sha256 -key private.key -out file.csr   
    Country Name (2 letter code) [AU]: 
    State or Province Name (full name) [Some-State]: 
    Locality Name (eg, city) []: 
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: 
    Organizational Unit Name (eg, section) []: 
    Common Name (eg, YOUR name) []: 
    Email Address []: 
    
    Please enter the following 'extra' attributes 
    to be sent with your certificate request 
    A challenge password []: .
    An optional company name []: .

    Common Name is where you put your domain name, e.g., example.com or www.example.com.

    For the challenge password and optional company name, type in a period and press the Enter key to proceed.

Viewing the CSR file

Your CSR is created in a file named file.csr. You can view its contents by running the following command:

[server]$ cat file.csr

You can either cut and paste this code to a file on your local computer or log into your server via FTP and download the file.

Using the CSR file

The final step is to provide the CSR file to the certificate authority company where you are purchasing an SSL certificate. They will then use the CSR file to order/renew a signed SSL certificate for you to use at DreamHost. 

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?