Contact us at support@ssldragon.com

CSR Code

“CSR” stands for “Certificate Signing Request”. The CSR code is an encoded block of text that a person or a company sends to the Certificate Authority through SSL Dragon as part of applying for an SSL Certificate. The CSR code contains information about you and your company, which will be included in the SSL Certificate that is issued to you.

You need a CSR in order to apply for an SSL Certificate. Later, when your SSL Certificate is issued to you, you will also use the CSR code for the activation of TLS (Transport Layer Security).

The CSR must contain the following mandatory encoded information: your Country, State, City/Town, Name of the company, Department from your company, and the Domain name or IP address that you want the SSL Certificate to be issued for.

It may also contain this optional information: the email address to which your CSR code and the Private Key will be sent once they are both generated.

To avoid any errors, please make sure that:

  1. You DO NOT enter “http://” or “https://” along with your domain name as a common name when generating the CSR. Please enter only “www.domain.com” or “domain.com” as a common name. Also, make sure you don’t have any extra spaces before or after your domain name.
  2. When you generated the CSR code, you were given a CSR code and a Private Key. Make sure that you only enter the CSR code in the SSL Configuration form. DO NOT enter the Private Key, but save it and keep it in a safe location on your computer or email, because you will need it when installing the SSL Certificate on your website/server.
  3. The CSR that you enter in the SSL Configuration form should include the following two lines: “-----BEGIN CERTIFICATE REQUEST-----” header and “-----END CERTIFICATE REQUEST-----” footer.
  4. For Wildcard SSL Certificates – When generating the CSR code for a Wildcard SSL Certificate, you have to include an asterisk and dot (*.) before your domain name. In other words, you should fill in *.yourdomain.com as a common name in your CSR.
  5. For Multi-Domain Wildcard SSL Certificates – Any Multi-Domain Wildcard SSL Certificate should start with a non-Wildcard domain. This means that you need to generate the CSR for a single domain – example.com – without any asterisk sign “*.”. Please read more in this FAQ.
  6. Your CSR is not configured for the following countries – Afghanistan (AF), Crimea (Russia), Cote d’Ivoire (CI), Cuba (CU), Eritrea (ER), Guinea (GN), Iraq (IQ), Iran (IR), Democratic People’s Republic of Korea (KP), Liberia (LR), Myanmar (MM), Rwanda (RW), Sudan (SD), Sierra Leone (SL), South Sudan (SS), Syrian Arab Republic (SY), Zimbabwe (ZW) – It’s prohibited to issue SSLs for these countries.
  7. For IP Address SSL Certificates – For Comodo InstantSSL Premium, the common name should be your IP address. For GoGetSSL Public IP SAN SSL Certificate, you will be asked to generate a CSR with NO Common Name. Here is how to do it.
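For a CSR generated on your own server, the checks in items 1, 3 and 4 can be run before pasting the CSR into the form. The following is an added example using the OpenSSL command line, not SSL Dragon's tooling; the function names, the subject values and example.com are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example. Subject values and example.com are placeholders.

# make_csr <common-name> <key-out> <csr-out>
# Creates an unencrypted 2048-bit RSA key (owner-only permissions) and a CSR
# carrying the mandatory fields. Only the CSR is submitted; the key stays local.
make_csr() {
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$2" ) \
        2>/dev/null || return 1
    openssl req -new -key "$2" -out "$3" \
        -subj "/C=US/ST=California/L=San Francisco/O=Example Inc/OU=IT/CN=$1"
}

# csr_cn <csr-file>: print the common name stored in the CSR
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# check_cn <common-name>: items 1 and 4 of the list above
check_cn() {
    case "$1" in
        "")                 echo "common name is empty"; return 1 ;;
        http://*|https://*) echo "remove http:// or https://"; return 1 ;;
        *[[:space:]]*)      echo "common name contains spaces"; return 1 ;;
        \*.*)               rest=${1#??} ;;   # wildcard: leading "*." is allowed
        *)                  rest=$1 ;;
    esac
    case "$rest" in
        *\**) echo "asterisk is only valid as a leading *."; return 1 ;;
    esac
    return 0
}

# check_csr <csr-file>: PEM header/footer (item 3), self-signature, common name
check_csr() {
    head -n 1 "$1" | grep -qx -- '-----BEGIN CERTIFICATE REQUEST-----' || return 1
    tail -n 1 "$1" | grep -qx -- '-----END CERTIFICATE REQUEST-----' || return 1
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    check_cn "$(csr_cn "$1")"
}
```

A CSR with no common name (item 7) is reported as failing by `check_cn`, so this check applies only to CSRs that carry a common name.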

Whether you accidentally or purposefully enter some incorrect information during the CSR generation process, the CSR and the Private Key will still be issued to you immediately. However, once you use the CSR code to apply for an SSL Certificate, you may or may not be issued an SSL Certificate. It is solely at the Certificate Authority’s discretion to approve or decline your SSL Certificate issuance if you entered incorrect information about you and your company.

If you find out that the CSR is wrong and you have already configured the SSL, please open a ticket with us and provide the correct CSR.

If you realized that you entered incorrect information in the CSR while generating it, you simply have to put aside, ignore or delete your existing CSR and Private Key. After that, you should generate a new CSR code (which will automatically generate a new Private Key too), using correct information about yourself and your company. Use the newer CSR when applying for an SSL Certificate, and then your newer Private Key when installing your SSL Certificate on your website and server.

A CSR is generated immediately. It will be generated for you as soon as you fill in the CSR Generator form.

Once you have your CSR code and Private Key, you can enter your CSR when ordering an SSL Certificate. Here is where you need to enter your CSR code:

  1. Sign in to “My Account” on our SSL Dragon website;
  2. Once you are logged in, go to the main menu, select “Services” -> “My Services”;
  3. You will see the list of SSL Certificates which you bought on our website. Click on the SSL Certificate which you have just ordered, to enter its details page;
  4. When you are on the details page of the SSL certificate which you bought, go towards the bottom of the page, and click on the green button which says “Configure Now”;
  5. Fill in the 2 or 3 steps form, by entering your personal and your company information. The second thing that you will be asked about on this form is the CSR. Copy and paste your CSR code in the text area which asks you for your CSR;
  6. Once the 2 or 3 steps form is completed in full, your SSL Certificate order will be submitted to the Certificate Authority;
  7. A message will be sent to the email address which you selected on Step 2. You need to go to your email address, and confirm that you are the owner of the domain name for which you requested the SSL Certificate;
  8. Once these are done successfully, you will receive your SSL Certificate in anything between 5 minutes (for a Domain Validation SSL Certificate) and 7-10 days (for an Extended Validation SSL Certificate).

Yes, you can see what information your CSR includes by decoding it. You can use our CSR Decoder tool to see what information is included in your CSR. You can do that on our CSR Decoder page.

If you generated your CSR code on the CSR Generator on our website, then the CSR and the Private Key were both shown to you when you generated your CSR. They were also sent to your email address that you included in the CSR form that you filled in on our website. The message that was sent to your email address came from [email protected] and it had the following subject: “Your CSR code and your Private Key”.

If you generated your CSR on your server, then your CSR code and your Private Key were both provided to you by your server. You had to copy both on your computer or email, and store them in a safe place. In some cases, some servers may show the CSR code and the Private Key, and at the same time store both these pieces of code for you on the server. In other cases, the server only provides you the CSR code and keeps the Private Key hidden on the server.

Also, your CSR code will be displayed to you again when your SSL Certificate is issued. Once the SSL Certificate is issued and shown in your SSL Dragon account, it will also show you the CSR code that you used to configure your SSL Certificate.

This is one of the most frequent questions that we get. Unfortunately we cannot send you the Private Key, because it is private, and we do not store it anywhere in our system and database. The Private Key is always confidential, and it is only you as the SSL Certificate owner who should have it. If we were to have or store your Private Key, this would compromise the “security” of your SSL Certificate.

If you generated your CSR code on the CSR Generator on our website, then the CSR and the Private Key were both shown to you when you generated your CSR code. They were also sent to your email address that you included in your CSR. The message that was sent to your email address came from [email protected] and has the following subject: “Your CSR code and your Private Key”.

If you generated your CSR on your server, then your CSR code and your Private Key were both provided to you by your server. You had to copy both on your computer or email, and store them in a safe place. In some cases, some servers may show the CSR code and the Private Key, and at the same time store both these pieces of code for you on the server. In other cases, the server only provides you the CSR code and keeps the Private Key hidden on the server.

This being said, please look for the Private Key in your email address or on the server. If you cannot find it, then please generate a new CSR code on your server, or on the CSR Generator on our website. The CSR code will come with a Private Key. Once you generate a new CSR code and Private Key, then please go to the SSL Certificate details page inside your SSL Dragon account, and click on the “Reissue certificate” button from the left side bar on the page. You will have to pass the domain validation again, and once you do that, the SSL Certificate will be re-issued to you based on the new CSR code that you entered. Also, the re-issued SSL Certificate will pair with the Private Key which came along with the new CSR code.

If you cannot find the “Reissue certificate” button on the SSL Certificate details page inside your SSL Dragon account, then please send us the new CSR code via a Support Ticket inside your SSL Dragon account, or directly at [email protected] and we will re-generate the SSL Certificate for you, using the new CSR code. Please do not send us the Private Key, so that you are the only one who has it. Store it in a safe place in your email or computer.

Sometimes, the SSL Certificate which was issued to you does not match the Private Key which you are trying to use when installing that SSL Certificate on your server. That is a common user-generated error.

If the system says there is a mismatch, then you need to double check the CSR and Private Key which you generated, and which came together. You need to make sure that you used that specific CSR when you configured your SSL Certificate. When the SSL Certificate is issued, you need to use the Private Key that pairs with that specific CSR.

We see customers making the mistake where they generate one CSR and Private Key, then configure the SSL Certificate with a different CSR that is server-generated. In that case the server-generated CSR pairs with its own Private Key, which you most probably don’t have.

The Private Key which you have works only with the CSR that it came with. Also, the Private Key which you have works only with the SSL Certificate that was configured using the CSR that pairs with that Private Key.

Solution

To solve this, you need to re-configure (re-issue) your SSL Certificate using a CSR code for which you have the Private Key that it pairs with. You may want to use a CSR code that your server provides, or generate a new CSR and Private Key.
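
A Private Key, its CSR and the SSL Certificate issued from that CSR all carry the same public key, so the pairing described above can be confirmed before installing or re-issuing. The following is an added example using the OpenSSL command line, not SSL Dragon's tooling; the function names are hypothetical, and it assumes PEM files with an unencrypted Private Key and no text before the PEM header.

```shell
#!/bin/sh
# Added example. Assumes PEM input and an unencrypted private key.

# pubkey_fp <file>: SHA-256 fingerprint of the public key found in a
# private key, a CSR, or a certificate. The file type is taken from line 1.
pubkey_fp() {
    case "$(head -n 1 "$1")" in
        *'CERTIFICATE REQUEST'*) pem=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) ;;
        *'BEGIN CERTIFICATE'*)   pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)                       pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
    esac
    # An unreadable file must not produce a fingerprint that could "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# pair_matches <private-key> <csr-or-certificate>
# Returns 0 when both files hold the same public key, 1 on a mismatch,
# 2 when either file could not be read.
pair_matches() {
    a=$(pubkey_fp "$1") || return 2
    b=$(pubkey_fp "$2") || return 2
    [ "$a" = "$b" ]
}

# find_key <csr-or-certificate> <key>...
# Prints the first candidate key that pairs with the CSR or certificate.
# Useful when several keys were generated and it is unclear which one
# belongs to the CSR that was actually submitted.
find_key() {
    target=$1; shift
    for k in "$@"; do
        if pair_matches "$k" "$target"; then echo "$k"; return 0; fi
    done
    return 1
}
```

If `find_key` finds no match among the keys you hold, the certificate was configured with a CSR whose Private Key you do not have, and a re-issue with a new CSR is required.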