A Certificate Signing Request (CSR) is a file you use to request an SSL certificate from a Certificate Authority (CA). The CSR contains information such as your name, address, domain name, and email, along with your public key. The Certificate Authority will then validate the information in the CSR to ensure it's correct before creating your SSL certificate.
There are two ways to create a CSR at DreamHost:
You only need to use these instructions if you wish to purchase your SSL certificate at another company.
The instructions in this article explain how to create a CSR at DreamHost. The external certificate authority company will then use it to create an SSL certificate for your DreamHost domain.
DreamHost also offers free and paid SSL certificates, which you can add in your panel. View the following articles for further information:
Requesting a CSR from support
DreamHost support is able to create a CSR for you upon request.
Requests must be submitted by email on the Contact Support page in your panel.
When submitting the support request, make sure to clearly state that you need a CSR created for your domain. Support will need the following information to create the CSR:
- Country Name (2 letter code):
- State or Province Name (full name – no abbreviations!):
- Locality Name (e.g., city):
- Organization Name (e.g., company name):
- Organizational Unit Name (e.g., company section name):
- Common Name (e.g., SECURE DOMAIN NAME – do not include http://, https://, or www before the domain name. For example, just type: example.com):
- Email Address:
Once created, support will email you instructions on how to download the new CSR file.
Manually creating a CSR
To proceed with these steps, you must have a Shell user configured in your panel and general knowledge of the UNIX Shell. View the following articles for further information.
Creating a CSR
The following steps create a private key and CSR file.
The CSR must be created on the server where the SSL certificate will be used.
- Log into your domain via SSH.
- Navigate into your user's home directory:
[server]$ cd ~
- Run the following command to generate a new RSA private key.
[server]$ openssl genrsa -out private.key 2048
- This creates a file named private.key in the user's home directory. You’ll use this to create the CSR in the next step.
- Run the following command to create the CSR:
[server]$ openssl req -new -sha256 -key private.key -out file.csr
- You are prompted for the following information:
Common Name is where you put your domain name, e.g., example.com or www.example.com.
For the challenge password and optional company name, type in a period and press the Enter key to proceed.
Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) : Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) : Common Name (eg, YOUR name) : Email Address : Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : . An optional company name : .
Viewing the CSR file
Your CSR is created in a file named file.csr. You can view its contents by running the following command:
[server]$ cat file.csr
You can either cut and paste this code to a file on your local computer or log into your server via FTP and download the file.
Using the CSR file
The final step is to provide the CSR file to the certificate authority company where you are purchasing an SSL certificate. They will then use the CSR file to order/renew a signed SSL certificate for you to use at DreamHost.