Articles in this section

See more

How to generate certificate signing request (CSR) for domain in Plesk

Avatar
Alexander Tsmokalyuk
Updated
Follow
Plesk for Linux kb: how-to

Applicable to:

  • Plesk for Linux

Question

How to generate certificate signing request (CSR) for domain in Plesk?

Answer

Note: This article may require additional administrative knowledge to apply. If any help required, contact server’s administrator or hosting support. Generating CSR for SAN (multi-domain) certificates is not supported, vote and comment on the following feature request from Plesk UserVoice channel.

Via Plesk GUI

Video instructions:

1. Log in to Plesk and go to Domains > example.com > SSL/TLS Certificates

2. Click Add SSL/TLS Certificate:

mceclip0.png

3. Specify the certificate parameters:

  • Certificate name. This will help you identify this certificate in the repository.

  • Bits. Choose the encryption level of your SSL certificate. In Plesk Onyx, 2048, 3072 and 4096 bits are available.
  • Country, State or province, location (city), organization name (company). The values you enter should not exceed the length of 64 symbols.
  • The domain name for which you want to purchase an SSL certificate. This should be a fully qualified domain name. Example: example.com.

  • Email: The website administrator's email address

Make sure that all the provided information is correct and accurate, as it will be used to generate your private key.

4. Click Request:

mceclip1.png

Plesk will generate your private key and certificate signing request (CSR) and add them to your certificates repository (Domains > example.com > SSL/TLS Certificates).

5. Now that the CSR has been generated, provide it to the chosen Certificate Authority to purchase a certificate from them. In the list of certificates in Domains > example.com > SSL/TLS Certificates, click the name of the certificate you need.

mceclip0.png

6. Locate the CSR section on the page and copy to clipboard text that starts with the line -----BEGIN CERTIFICATE REQUEST----- and ends with the line -----END CERTIFICATE REQUEST----- .

5.png

7. Provide the CSR to the Certification Authority when purchasing the certificate. The exact procedure differs from one Certificate Authority to another, so contact the Certificate Authority for assistance. Once the purchase is completed, you will be given the certificate in the form of either a *.crt file, a *.pem file, or in text form.

 

Via command line

Video instructions:

  1. Connect to the server via SSH. Run the following command:

    # openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

    where "server" is the name of your server.

  2. This will begin the process of generating two files: the private key file to decryption SSL Certificate, and certificate signing request (CSR) file used to apply for the SSL Certificate.

  3. When prompted for common name (domain name), enter the fully qualified domain name for the site that is to be secured. If generating an Nginx CSR for Wildcard SSL Certificate, the common name should start with asterisk (e.g. *.example.com ).

  4. After that, other information will be requested, such as organizational information beginning with geographic information. There may be default information set already.

  5. Then .csr file will be created. Save (back up) the generated .key file as it will be required later when installing the SSL certificate in the webserver.

Comments

8 comments

Sort by Date Votes
  • Avatar
    partha.das

    facing an issue while generating CSR , any one can help me on call support

    0
    Comment actions Permalink
  • Avatar
    Nikolay Voytko

    @partha.das what kind of issue you faced? Could you please provide an example?

    0
    Comment actions Permalink
  • Avatar
    sia rez

    I am missing the “SSL/TLS Certificate” that is highlighted in the very first screenshot. This is what mine looks like:What to do?

    0
    Comment actions Permalink
  • Avatar
    Bulat Tsydenov

    @sia rez, Hi!

    Most likely you are using Windows Server 2008 and the subscription is assigned to shared IP address. Please note, that Windows Server 2008 does not support SNI. If this is the case, refer to There is no "Secure Your Sites" option for domain in Plesk article.

    0
    Comment actions Permalink
  • Avatar
    sia rez (Edited )

    @Bulat I'm actually on Ubuntu 14.04

    So I switched from “Power User” view to “Service Provider” view and the SSL/TLS Certificate appeared. And now I can even see it in the “Power User” view. Not sure why!

    0
    Comment actions Permalink
  • Avatar
    Bulat Tsydenov

    @sia rez, I also cannot reproduce this in test environment. Anyway, glad to hear you sorted that out. If you find the exact steps how to make SSL/TLS Certificates option not visible, let us know.

    0
    Comment actions Permalink
  • Avatar
    Mohamed Adil

    How to create SAN CSR on plesk GUI or windows CLI

    0
    Comment actions Permalink
  • Avatar
    Maxim Krasikov

    Hello, @Mohamed Adil,

    Plesk doesn't provide the functionality to create a CSR for a SAN certificate.

    This task should be performed according to Windows documentation.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles