This article deals with generating a CSR request and private key for an SSL certificate. If you want to enable HTTPS automatically on your Webhost with a Let's Encrypt certificate, follow the instructions in the Webhosting - Quick HTTPS Setup article.
In this article you will learn:
- How to generate a private key and CSR
- How to generate a certificate
- How to enter a certificate into web hosting administration
- Frequently Asked Questions
Private Key Generation and CSR
The first step to generating your own certificate is to generate a private key and submit a Certificate Signing Request (CSR). You can submit this request for example via the online CSR Generator ⧉ (external link). Please read the warning instructions carefully before completing the form.
If you want to generate the private key and CSR yourself, you can use the Linux tool OpenSSL. In the terminal, do the following:
- Generate a private key:
openssl genrsa -out privatni_klic.key 2048 - Generate a CSR request:
openssl req -new -key privatni_klic.key -out CSR_zadost.csr - Fill in the required information without accents. The CA will verify this information before issuing the certificate. Pay special attention to the following items:
- Country Name (2 letter code).
- State or Province Name (full name): full name of country
- Locality Name (eg, city).
- Organization Name (eg, company): full name of the natural person or name of the organization
- Common Name (e.g. server FQDN or YOUR name): site name (domain)
- Email Address: contact email
The system generates the private key and request and stores them in the unencrypted files privatni_klic.key and CSR_zadost.csr.
Store the private key file in a secure location, ideally on an external drive dedicated for this purpose only.
Generating a certificate
WEDOS does not offer or provide certificate issuance (except for the Let's Encrypt ⧉ certificate).
For website security, we recommend choosing one of the foreign certification authorities. There are also a number of Czech intermediaries who can help you with obtaining a certificate, as it may not always be a simple and easy to understand matter.
Request a certificate for the domain name you use in your website URLs. If the names don't match exactly, the communication will be encrypted but not trusted (the browser will display a warning).
If you need to secure multiple subdomains, request a wildcard *.domena.tld certificate.
You can secure multiple domains (aliases) with a Subject Alternative Name (SAN) certificate.
Deploying a certificate on Webhosting
After obtaining the certificate, enter it into the administration by following these steps:
- Log in to the customer administration ⧉.
- From the top menu, select Hosting Services Webhosting.
- Select the web host on which you want to deploy the SSL certificate.
- Click on HTTPS in the left menu.
- Select HTTPS with a self-signed certificate on the domain (SNI).
- Fill in the form with the private key and certificate, both in PEM format. The private key password and certificate chain fields are optional.
- Click the Make Changes button.
The certificate setup typically takes 90 minutes to take effect.
Frequently Asked Questions
How do I create a CSR request for a domain and subdomains?
Enter only the domain name in the CSR request. A quality CA or broker will fill in the certificate details based on the selected variant (wildcard, SAN, ...) during verification.