Generate an SSL Certificate and Signing Request

Use this interface to generate both a self-signed certificate and a certificate signing request for a domain.

Contact Information

When generating a certificate signing request, we can send a copy of the generated self-signed certificate, the private key and the certificate signing request. Depending on your mail service provider, your mail may be sent over an insecure channel. We do not recommend sending private keys if the email service provider you use does not support secure mail via SSL/TLS.

When complete, email me the certificate, key, and CSR.

Email Address:

Provide your email address to receive a copy of the generated certificate, key, and CSR.

Private Key Options

When the system generates a self-signed certificate and CSR, the system also generates a new private key for the certificate and CSR. To protect the certificate, this key must be confidential. Do not send the private key through an insecure method.

Key Type:

Certificate Information

The information provided below is used to create a self-signed certificate and the corresponding certificate signing request. Since this is the information that users will see when they access a site via SSL, it is important to provide accurate and valid information.

Domains: Required

Provide the FQDNs that you wish to secure, one per line. To create and use a wildcard domain, add an asterisk to the domain name as in the following example: *.example.com. NOTE: Many CAs charge a higher price to issue multiple-domain certificates (sometimes called “UCCs” or “SAN certificates”) and certificates that include wildcard domains.

City:

Provide the complete name for the city or locality. Do not use abbreviations.

State:

Provide the complete name for the state or province. Do not use abbreviations.

Country:

Choose the country of origin for the certificate’s company.

Company Name:

Provide the legally-registered name for your business. If your company name includes symbols other than a period or comma, check with your certificate authority to confirm that they are acceptable.

Company Division:

Provide the name of the division or group within the above company. If the division includes symbols other than a period or comma, check with your certificate authority to confirm that they are acceptable.

Email:

Email address at which the CA can contact you to obtain verification of domain ownership.

Shared Secrets

Some certificate authorities may require CSRs to have a passphrase. The certificate authority can use a CSR passphrase to confirm the identity of the person or organization with whom you wish to communicate. CSR passphrases are stored unencrypted in the CSR. Because of this, and also because you will share this passphrase with a third party, do not use an important password here.

Passphrase:

Do not use an important password. Passphrases stored in CSRs are not encrypted, which means third party attackers can easily read these passphrases.