Generating a Private Key and Certificate Signature Request (CSR) from your Web Server
Note: Prior to enrolling for, reissuing or renewing a Certificate, you must generate a Private Key and CSR pair of at least 2048 bits from your web server.
Digital IDs make use of a technology called Public Key Cryptography, which uses Public and Private Key files. The Public Key, also known as a Certificate Signature Request (CSR), is the key that will be sent to thawte. The Public Key is generated on your server and validates the computer-specific information about your web server and Organization when you request a Certificate from thawte.
The Private Key will remain on the server and should never be released to the public. thawte does not have access to your Private Key. It is generated locally on your server and is never transmitted to thawte. The integrity of your Digital ID depends on your Private Key being controlled exclusively by you.
A CSR cannot be generated without generating a Private Key file. Similarly, the Private Key file cannot be generated without generating a CSR file. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server.
Typically, you will be prompted to enter the following information about your Organization in order to generate the Private Key and CSR (Public Key) pair from the web server:
- Organization Name
- Organizational Unit
  - This may be a Sole Proprietorship, Trading As, University Department, University Administration, Government Department, Doing Business As, University Faculty, Public (Listed) Company, Private (Unlisted) Company, Registered Non Profit Organization, Non-Government Organization, Interest Group or Registered Charity.
- Country Code
- State or Province
- Common Name
  - This is the name that distinguishes the Certificate best, and ties it to your Organization. Here you need to enter the exact host and domain name that you wish to secure. This may also be the root server or intranet name for your Organization.
  - If you wish to secure www.yourdomain.com, then you need to enter www.yourdomain.com as the Common Name. If you just enter yourdomain.com as the Common Name (without the host www), then the Certificate will only get issued to yourdomain.com. If you generate the CSR for www.yourdomain.com, it will be valid for both www.yourdomain.com and yourdomain.com. Similarly, if you need to secure pay.yourdomain.com, then you need to enter pay.yourdomain.com as the Common Name.
If you are buying a Wildcard Server Certificate for securing all sub-domains of your domain name yourdomain.com, then you need to enter the Common Name as *.yourdomain.com; otherwise you will get an error while submitting your CSR.
You need to get in touch with your Web Hosting provider and ask them to generate a CSR for your business after supplying them with the above-mentioned information. If you have bought Web Hosting for this domain name with Register4less, then you may generate a CSR yourself from your own Control Panel.
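On a server where you have shell access and the OpenSSL command-line tool, the key and CSR described above can be generated and checked before submission as follows. This is an added example, not part of the original instructions; the subject values, the file names and the function names make_csr and check_csr are assumptions.

```shell
#!/bin/sh
# Added example. Subject values (C, ST, O, OU) are constructed placeholders.

# make_csr DIR CN: write DIR/server.key (2048-bit RSA) and DIR/server.csr
make_csr() {
    dir=$1; cn=$2
    # umask 077 in a subshell: the key file is created owner-readable only
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # The CSR carries the public key plus the subject fields listed above
    openssl req -new -sha256 -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=CA/ST=Quebec/O=Example Org/OU=IT/CN=$cn"
}

# check_csr DIR CN: return 0 only if the CSR is fit to submit
check_csr() {
    dir=$1; cn=$2
    # 1. The CSR's self-signature verifies (request was signed by its own key)
    openssl req -in "$dir/server.csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2. The CSR's public key belongs to the private key kept on this server
    m_csr=$(openssl req -in "$dir/server.csr" -noout -modulus) || return 2
    m_key=$(openssl rsa -in "$dir/server.key" -noout -modulus 2>/dev/null) || return 2
    [ -n "$m_csr" ] && [ "$m_csr" = "$m_key" ] || return 2
    # 3. Key size meets the 2048-bit minimum
    bits=$(openssl req -in "$dir/server.csr" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || return 3
    # 4. Common Name is exactly the host to secure (compared literally, so
    #    "*.yourdomain.com" is not treated as a shell pattern)
    subj=$(openssl req -in "$dir/server.csr" -noout -subject) || return 4
    case "$subj" in
        *"CN=$cn" | *"CN = $cn") return 0 ;;
        *) return 4 ;;
    esac
}

# Demo run in a scratch directory
out=$(mktemp -d)
make_csr "$out" "www.yourdomain.com" && check_csr "$out" "www.yourdomain.com" &&
    echo "CSR ready to submit: $out/server.csr (server.key stays on the server)"
```

Only server.csr is submitted; a non-zero return from check_csr identifies which of the four checks failed.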