A Certificate Signing Request (CSR) is a text file containing encrypted information about a domain registrant and a public key.
A CSR may be generated when ordering an SSL certificate or on the web server.
To generate a CSR when ordering an SSL certificate, enter your contact details in Latin characters at the relevant step of the order wizard. At the next step, a CSR will be generated together with a private key, which is to be installed on the web server together with the SSL certificate.
Note: Store your private key safely in a separate file that cannot be accessed by third parties. If the private key is lost, a new certificate will have to be generated and issued.
The following fields are to be filled in with Latin characters during CSR generation on the web server:
CSR fill-in recommendations:
When creating a CSR for a Microsoft IIS web server, we recommend that you do it directly on the web server in order to avoid problems when installing the SSL certificate in the future.
A CSR may also be generated with a private key on the server where the certificate is to be installed.
Note: If your website uses a shared infrastructure of physical servers and a Microsoft IIS web server, specify when generating the CSR and private key that they should be exportable. Otherwise you will not be able to install the certificate on several servers and will have to reissue the certificate.
For domain-validated certificates (certificates with simplified validation), there are several ways to confirm domain ownership:
— Receiving a letter at an email address on the domain.
The letter will be sent to an address of one of the following types:
In addition, [domain_name] should correspond to the Common Name (CN) field in the CSR.
If a certificate is ordered for a subdomain, an email address on the second-level domain may be used.
For example, the following email addresses can be used for ordering a certificate for www.test.ru:
— Placing an HTML file in the website's root directory.
The file name and its contents will be sent to the email address specified in the contract.
— Creating a CNAME record.
The record contents will be sent to the email address specified in the contract.
A CNAME (Canonical Name) record allows assigning mnemonic names to a host. Mnemonic names, or aliases, are widely used to associate a function with a host, or simply to shorten names.
The CNAME record to be created in the DNS zone is written as:
dns_string CNAME sYYYYMMDDhhmmss. Domain
where dns_string represents a variable generated by the Certification Authority software
YYYY is the year when the certificate was ordered, for example, 2016
MM is the month when the certificate was ordered, for example, 04
DD is the day when the certificate was ordered, for example, 05
hh means hours
mm means minutes
ss means seconds
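Both rules above (the approval mailbox must be on the CN's domain or its second-level domain, and the CNAME target carries the order timestamp) can be checked locally before the order is submitted. The following is an added example, not code from this page or from the Certification Authority. The function names, the sample owner abc123 and the domain ca.example are assumptions, as is reading the template as "s" + timestamp + "." + domain.

```python
import re
from datetime import datetime

# Assumed reading of the page's template "dns_string CNAME sYYYYMMDDhhmmss. Domain":
# the target is "s" + a 14-digit order timestamp, then a dot and a domain name.
_TARGET = re.compile(r"^s(\d{14})\.(?P<domain>[a-z0-9.-]+?)\.?$", re.IGNORECASE)


def second_level_domain(name):
    """Last two labels of a host name (www.test.ru -> test.ru); no public-suffix list."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def email_matches_cn(email, common_name):
    """True if the mailbox domain is the CSR's CN or the CN's second-level domain."""
    local, sep, domain = email.lower().rpartition("@")
    if not sep or not local:
        return False
    cn = common_name.lower().rstrip(".")
    return domain in (cn, second_level_domain(cn))


def parse_validation_cname(line):
    """Parse one zone-file line into (owner, ordered_at, domain); ValueError if malformed."""
    fields = line.split(";", 1)[0].split()  # strip a trailing zone-file comment
    # The record type is second to last, so optional TTL/class columns are tolerated.
    if len(fields) < 3 or fields[-2].upper() != "CNAME":
        raise ValueError("not a CNAME record: %r" % line)
    match = _TARGET.match(fields[-1])
    if match is None:
        raise ValueError("target is not sYYYYMMDDhhmmss.<domain>: %r" % fields[-1])
    # strptime raises ValueError for impossible values such as month 13.
    ordered_at = datetime.strptime(match.group(1), "%Y%m%d%H%M%S")
    return fields[0], ordered_at, match.group("domain").lower()


if __name__ == "__main__":
    # Constructed sample values; "abc123" and "ca.example" are placeholders.
    print(email_matches_cn("someone@test.ru", "www.test.ru"))
    print(parse_validation_cname("abc123 3600 IN CNAME s20160405101530.ca.example."))
```

The email check covers only the domain part of the address; the permitted mailbox names are those listed by the Certification Authority.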