How to make sure domain is correct in the CSR?

Right after a successful checkout you can see your newly purchased certificate in your account. The biggest concern at this stage is that your new certificate is not assigned to any domain or subdomain name. It is a tabula rasa for now which can be “attached” to a domain (or subdomain) you have registered or have control over. The whole process begins with the CSR code.

If you’re activating a PositiveSSL, EssentialSSL, PositiveSSL Wildcard, EssentialSSL Wildcard then you will be able to take the advantage of an automatic browser-side CSR and Private key generation right during the activation flow.

In this case, you may not need to generate the CSR and the Private key at the server side.

CSR (Certificate Signing Request) is basically general information sent to the Certificate Authority who will be validating your order and issuing the certificate. It contains reference about your company, its address and, most importantly, the domain name behind your online business. Your future SSL certificate will be issued for the exact domain name indicated in the CSR code, so it is obvious that the correct domain name in the code saves a lot of time and efforts.

The CSR code is generated on the web server where your web site is hosted. You can ask your hosting provider to generate one for you or try to create it by means of your web server software. You can check and enjoy these how-to guides for different web server platforms.

NB: Instructions for CSR code generation are not related to the type of Certificate Authority that will be validating your certificate. Steps and guides you need to follow depend on your exact web server type and web server software installed on a server.

Generally, you will need to provide your hosting provider with/ enter the following details during the CSR code generation:

  • Common name (CN);
  • Company (or Organization - O);
  • Company division (or Organization Unit - OU);
  • Country (C);
  • State (S);
  • Locality (L) or City;

When you have your CSR code at hand, you will see a block of encoded text which looks like this:

-----BEGIN CERTIFICATE REQUEST-----

MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9yb

mlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGU

*** More encoded data here***

gSW5jMR8wHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQD

Ew53d3cuZ26iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn

-----END CERTIFICATE REQUEST-----

Common name in the CSR code is the most important and the only required field, since it is your subdomain or domain name that you would like to have SSL-secured. This is the web site visitors will see in the address bar of their browsers after https://

csr_ok_1.png

or

csr_ok_2.png

Common name is a FQDN (Fully Qualified Domain Name). It can be either a domain name or subdomain name of a root domain (subdomain.example.com). Common name is what “ties” your SSL certificate and your domain name. As a result of this “connection”, SSL certificate is valid for the FQDN indicated as common name in the CSR code alone.

Example: SSL certificate issued for www.mydomain.com can secure www.mydomain.com (and mydomain.com in some cases). If your website visitor tries to access https://anything.mydomain.com, a warning will be displayed in the web browser. When we have SSL certificate activated with the CSR code for anything.mydomain.com https://mydomain.com and https://www.mydomain.com access attempts will result in warnings as well. From this point of view, SSL certificate is a great “What You See Is What You Get” example.

Common name in the CSR code needs to be of a certain format. General requirements are latin alphanumeric characters and no special symbols like ! @ # $ % ^ ( ) ~ ? > < & / \ , . " ' _ More peculiarities are described here for your reference. IDN (International Domain Names) common names should be first converted into the punycode, and then indicated in the CSR.
Note that our in-browser CSR code generator supports IDNs with the following TLDs.

COMODO CA (single domain SSL) can cover a bare domain (mydomain.com) name and a www-subdomain (www.mydomain.com) within one SSL certificate.

Let us have a look what we might want to secure with our SSL certificate and what needs to be indicated as common name in the CSR code so that we can achieve our aim.

We want to have https:// for… Common name in the CSR code Which SSL is good for me?

https://mydomain.com

+ https://www.mydomain.com within one certificate

You can have your CSR code generated for mydomain.com or for www.mydomain.com common name.

Both will be covered anyway.

PositiveSSL

EssentialSSL

EV SSL

InstantSSL

InstantSSL Pro

PremiumSSL

https://mydomain.com

+

https://www.mydomain.com

https://mydomain.net

https://www.mydomain.net

https://myotherdomain.org

https://sub.myotherdomain.org

https://sub.mydomain.com


*up to 100 host names*

Option#1: mydomain.com and all other domain names you’d like to include in your Multi-Domain certificate



Option#2: mydomain.com and type other domain names manually during the activation process as shown on the screenshot below *.

PositiveSSL Multi-Domain(!)

EV Multi-Domain SSL (!)

Unified Communications(!)

Multi-Domain SSL(!)

(!) Multi-Domain certificates consider www.mydomain.com and mydomain.com as two different host names. Please indicate them in your CSR code separately.

*Manual domain name entry:

csr_ok_3.png

We want to have https:// for… Common name in the CSR code Which SSL is good for me?

https://domain.com

https://www.domain.com

https://sub1.domain.com

https://sub2.domain.com

https://sub3.domain.com

*.domain.com

PositiveSSL Wildcard

EssentialSSL Wildcard

PremiumSSL Wildcard

all possible and unlimited same-level subdomain names of domain.com

https://sub1.sub.domain.com

https://sub2.sub.domain.com

https://sub3.sub.domain.com

https://sub4.sub.domain.com

*.sub.domain.com (!)

(!) Please do not generate a CSR code with *.*.mydomain.com in order to secure second- and third-level subdomain names. Such CSR code cannot be used for Wildcard certificate activation. If you need to secure many second- and third-level subdomain names, please consider a Multi-Domain certificate.

We are always here for you, if you would like to double-check which certificate suits you most or check your CSR code with us prior to certificate’s activation. Please submit a ticket with us here or check the issue with our agent in real time!