How to make sure domain is correct in the CSR?

Right after a successful checkout you can see your newly purchased certificate in your account . The biggest concern at this stage is that your new certificate is not assigned to any domain or subdomain name. It is a tabula rasa for now which can be “attached” to a domain (or subdomain) you have registered or have control over. The whole process begins with the CSR code.

CSR (Certificate Signing Request) is basically general information sent to the Certificate Authority who will be validating your order and issuing the certificate. It contains reference about your company, its address and, most importantly, the domain name behind your online business. Your future SSL certificate will be issued for the exact domain name indicated in the CSR code, so it is obvious that the correct domain name in the code saves a lot of time and efforts.

The CSR code is generated on the  web server where your web site is hosted. You can ask your hosting provider to generate one for you or try to create it by means of your web server software. You can check and enjoy these how-to guides for different web server platforms. More server types and instructions can be checked with Certificate Authority directly - Comodo

 NB: Instructions for CSR code generation are not related to the type of Certificate Authority that will be validating your certificate. Steps and guides you need to follow depend on your exact web server type and web server software installed on a server.

Generally, you will need to provide your hosting provider with/ enter the following details during the CSR code generation:

Common name (CN);

  • Company (or Organization - O);
  • Company division (or Organization Unit - OU);
  • Country (C);
  • State (S);
  • Locality (L) or City;

When you have your CSR code at hand, you will see a block of encoded text which looks like this:

 -----BEGIN CERTIFICATE REQUEST-----

MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGU

   *** More encoded data here***

gSW5jMR8wHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQD

Ew53d3cuZ26iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn

-----END CERTIFICATE REQUEST-----

 Common name in the CSR code is the most important part, since it is your subdomain or domain name that you would like to have SSL-secured. This is the web site visitors will see in the address bar of their browsers after https://

 

or



Common name is a FQDN (Fully Qualified Domain Name). It can be either a domain name or subdomain name of a root domain (subdomain.example.com). Common name is what “ties” your SSL certificate and your domain name.  As a result of this “connection”, SSL certificate is valid for the FQDN indicated as common name in the CSR code alone.

 Example:  SSL certificate issued for www.mydomain.com  can secure www.mydomain.com  (and mydomain.com in some cases). If your website visitor tries to access https://anything.mydomain.com, a warning will be displayed in the web browser.  When we have SSL certificate activated with the CSR code for anything.mydomain.com https://mydomain.com  and https://www.mydomain.com  access attempts will result in warnings as well. From this point of view, SSL certificate is a great “What You See Is What You Get” example.

Common name in the CSR code needs to be of a certain format. General requirements are latin alphanumeric characters and no special symbols like ! @ # $ % ^ ( ) ~ ? > < & / \ , . " ' _ More peculiarities are described here for your reference. IDN (International Domain Names) common names should be first converted into the punycode, and then indicated in the CSR.

COMODO CA (single domain SSL) can cover a bare domain (mydomain.com) name and a www-subdomain (www.mydomain.com ) within one SSL certificate. 

Let us have a look what we might want to secure with our SSL certificate and what needs to be indicated as common name in the CSR code so that we can achieve our aim.

We want to have https:// for….

Common name in the CSR code

Which SSL is good for me?

https://mydomain.com

+ https://www.mydomain.com  within one certificate

 

It does not  matter. You can have your CSR code generated for mydomain.com or for www.mydomain.com  common name.


Both will be covered anyway.

PositiveSSL

EssentialSSL

EV SSL

InstantSSL

InstantSSL Pro

PremiumSSL

 

 

 

https://mydomain.com  

+

https://www.mydomain.com

https://mydomain.net

https://www.mydomain.net

https://myotherdomain.org

https://sub.myotherdomain.org

https://sub.mydomain.com


*up to 100 host names*






Option#1: mydomain.com and all other domain names you’d like to include in your Multi-Domain certificate



Option#2: mydomain.com and type other domain names manually during the activation process as shown on the screenshot below *.

PositiveSSL Multi-Domain (!)

EV Multi-Domain SSL (!)

Unified Communications (!)

Multi-Domain SSL (!)



 (!) Multi-Domain certificates consider www.mydomain.com and mydomain.com as two different host names. Please indicate them in your CSR code separately.

 * Manual domain name entry:




https://domain.com  

https://www.domain.com  

https://sub1.domain.com  

https://sub2.domain.com  

https://sub3.domain.com  

 

all possible and unlimited same-level subdomain names of domain.com

 https://sub1.sub.domain.com

https://sub2.sub.domain.com

https://sub3.sub.domain.com

https://sub4.sub.domain.com

 



 

*.domain.com

 

 

 

 

 

 

*.sub.domain.com (!)

 

 

 

PositiveSSL Wildcard

EssentialSSL Wildcard

PremiumSSL Wildcard



(!) Please do not generate a CSR code with *.*.mydomain.com in order to secure second- and third-level subdomain names. Such CSR code cannot be used for Wildcard certificate activation. If you need to secure many second- and third-level subdomain names, please consider a Multi-Domain certificate.

We are always here for you, if you would like to double-check which certificate suits you most or check your CSR code with us prior to certificate’s activation. Please submit a ticket with us here or check the issue with our agent in real time!

Powered by Zendesk