Generate an SSL Certificate and Signing Request

Valid for versions 92 through the latest version

Version:

92


Last modified: November 20, 2020

Overview

This feature allows you to simultaneously generate both a self-signed SSL certificate and a certificate signing request (CSR) for a domain. You can also use this interface to generate private keys, which are essential for self-signed certificates and purchased certificates. To purchase a certificate, submit the CSR to your chosen certificate authority (CA). They will provide you with a certificate, typically in a .zip file via email.

For more information, read our Purchase and Install an SSL Certificate documentation.

Contact Information

To receive the SSL certificate, private key, and CSR in an email, enter an email address in the Email Address text box.

Select the When complete, email me the certificate, key, and CSR. checkbox to receive a copy of the request that this interface generates.

Important:
Do not select this checkbox if your email service provider does not support secure mail via SSL/TLS.

Private Key Options

Select the desired key from the Key Type menu. You can select from the following keys:

  • RSA, 2,048-bit - (default)

  • ECDSA, P-384 (secp384r1)

  • ECDSA, P-256 (prime256v1)

  • RSA, 4,096-Deliverability

For information about each of these keys, read our SSL/TLS Key Types documentation.

Certificate information

To generate an SSL certificate and CSR, perform the following steps:

  1. In the Domains text box, enter the domain name of the website that the certificate will secure.
    • You can enter a wildcard-formatted domain name to install the same certificate on any number of subdomains if they share an IP address. For example, you can use a wildcard certificate for *.example.com to securely connect to the mail.example.com and www.example.com domains.
    • You can also enter multiple domains, with one domain per line.
    • For more information about how to share SSL certificates, read our Manage SSL Hosts documentation.
  2. In the City text box, enter the complete name of the city in which your servers are located.
  3. In the State text box, enter the complete name of the state in which your servers are located.
  4. In the Country text box, select the country of origin for the certificate.
  5. In the Company Name text box, enter your business’s complete name.
    Note:
    Some certificate authorities may not accept special characters in the Company Name and Company Division text boxes. If your company name includes symbols other than a period or a comma, ask your CA to confirm whether you can use these characters.
  6. In the Company Division section, enter the name of the department or group within the company. This information is optional.
  7. In the Email text box, enter a secure contact email address that your CA can use to verify domain ownership.

Shared Secrets

Enter a passphrase in the Passphrase text box if your certificate authority requires one for verification purposes.

Create

After you enter the correct information, click Create. WHM will display the CSR with its SSL certificate and private key.

  • Copy and paste these items into the correct directories.
  • If you provided an email address, the system also sends the information to that email address.
  • You can view the keys, certificates, and CSRs that you create in WHM’s SSL Storage Manager interface (WHM » Home » SSL/TLS » SSL Storage Manager).
Note:

The system saves this information in the following directories on your servers:

  • CSR — /var/cpanel/ssl/system/csrs
  • SSL certificates — /var/cpanel/ssl/system/certs
  • Private keys — /var/cpanel/ssl/system/keys

If you purchased an SSL certificate, provide the CSR to the company from which you purchased the SSL certificate.

If you used a self-signed certificate, navigate to WHM’s Install an SSL Certificate on a Domain interface (WHM » Home » SSL/TLS » Install an SSL Certificate on a Domain) to install the certificate.

Additional Documentation