Generate CSR Key

laklak · January 12, 2024, 7:32pm

Hello

I want to generate the CSR for RapidSSL Wildcard Certificate

How can I generate CSR Key in hestiacp server

sahsanu · January 12, 2024, 10:29pm

This question is not related to Hestia and you should ask to your certificate provider but…

You could use openssl to generate it, and there are also a few online generators out there like https://certificatetools.com/csr-generator

You should ask your certificate provider whether you need to include the SANs in the certificate or they will be added during the order process. Just in case you don’t know it, if you request a certificate for *.example.com it will be valid only for subdomains like www.example.com, mail.example.com, etc. but won’t be valid for example.com or sub.www.example.com so I recommend to add *.example.com and example.com to the same certificate.

Example creating csr for example.com and *.example.com using key of 2048 bits:

openssl req -sha256 -nodes -new -newkey 2048 -keyout example.com.key -out example.com.csr -subj "/CN=*.example.com" -reqexts SAN -config <(echo -e "[req]\\ndistinguished_name=example.com\\n[example.com]\\n[SAN]\\nsubjectAltName=DNS:example.com,DNS:*.example.com")

You could also add the Country, the City, Organization, etc. but don’t know whether this will be included in the certificate you want to request.

Note: you should replace CC by your country code (US, UK, ES, etc.), also the other attributes and of course the domain name.

openssl req -sha256 -nodes -new -newkey 2048 -keyout example.com.key -out example.com.csr -subj "/C=CC/ST=YourState/L=YourCity/O=YourOrganization/OU=YourDepartment/CN=*.example.com" -reqexts SAN -config <(echo -e "[req]\\ndistinguished_name=example.com\\n[example.com]\\n[SAN]\\nsubjectAltName=DNS:example.com,DNS:*.example.com")

You must send example.com.csr to your certificate provider and save really well the private key example.com.key (if you lost it you won’t be able to use the certifcate).

Note: If you are using Hestia as DNS server for your domain, you could issue a wildcard certificate from Let’s Encrypt for free.

laklak · January 13, 2024, 6:42am

Thank you very much for your guidance

eris · January 13, 2024, 11:31am

Edit web → Generate Self Signed Certificate will also generate the CSR fine

Make sure to keep the .key and .csr fine …

system · February 12, 2024, 11:32am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.