bg-tutorials

How to Generate a CSR on BigCommerce

This tutorial explains how to generate a CSR (Certificate Signing Request) on BigCommerce. A CSR is a block of encoded text that you submit to a Certificate Authority (CA) when applying for an SSL certificate. It contains your domain and organization details, along with a public key that will be embedded in the certificate.

Note: BigCommerce automatically provisions a free AutoSSL certificate (issued by DigiCert) for every store on a custom domain. You only need to generate a CSR if you want to install your own third-party SSL certificate instead of the default one.

Generate a CSR on BigCommerce

BigCommerce includes a built-in CSR generator in its control panel. Follow the steps below to create your CSR directly from the admin dashboard.

Step 1: Open the SSL Certificates page

Log in to your BigCommerce control panel as the Store Owner. Navigate to Settings > SSL Certificates.

Step 2: Start the CSR generation

Under the Generate a CSR (for 3rd party certs) section, click Generate a CSR.

Step 3: Fill in the required details

Complete the following fields:

  • Approver Email: select or enter a valid email address for the domain. The CA will use this address for domain validation.
  • Common Name (CN): the fully qualified domain name you want to secure, for example yourstore.com. For a wildcard certificate, enter *.yourstore.com.
  • Organization Name (O): the legal name of your company, for example GPI Holding LLC.
  • Organizational Unit (OU): most CAs no longer use this field. You can leave it blank or enter a department name such as IT.
  • Locale (L): the full city name where your organization is registered, for example San Jose.
  • State/Province (S): the full state or province name (do not abbreviate), for example California.
  • Country Code (C): select the two-letter ISO country code from the drop-down list, for example US.

Step 4: Generate and save the CSR

Review all entries for accuracy, then click Generate CSR. BigCommerce will display the CSR code on screen. Copy the entire block, including the header and footer lines:

-----BEGIN CERTIFICATE REQUEST-----
(base64-encoded data)
-----END CERTIFICATE REQUEST-----

Paste the CSR into a plain-text editor (such as Notepad on Windows or TextEdit in plain-text mode on macOS) and save the file as yourdomain.csr. You will submit this CSR to your Certificate Authority during the SSL order process.

BigCommerce also emails a copy of the CSR to the approver email address you specified.

Alternative: generate the CSR externally

If you need a CSR with options the built-in generator does not support (for example, a multi-domain SAN certificate or a specific key size), you can generate the CSR outside BigCommerce using one of these methods:

  • Online tool: use the SSL Dragon CSR Generator to create a CSR and private key instantly.
  • OpenSSL (command line): run the following command on any machine with OpenSSL installed:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

OpenSSL will prompt you to fill in the same fields (Common Name, Organization, etc.). When it finishes, you will have two files: yourdomain.csr (the CSR) and yourdomain.key (the private key). Keep the private key safe; you will need it when installing the certificate.

After generating the CSR (by either method), you can verify its contents with the SSL Dragon CSR decoder before submitting it to the CA.

Install the SSL certificate on BigCommerce

Once the CA validates your request and issues the certificate, follow these steps to install it on your BigCommerce store.

Step 1: Prepare the certificate files

Download the certificate archive from your CA and extract it. You will typically receive:

  • yourdomain.crt: your primary SSL certificate.
  • ca-bundle.crt (or similar): the intermediate/root CA certificates.

Open each file in a plain-text editor to confirm it contains PEM-formatted text (beginning with —–BEGIN CERTIFICATE—–).

Step 2: Upload the certificate in BigCommerce

In your BigCommerce control panel, go to Settings > SSL Certificates. Under the Install a third-party SSL certificate section, click Install a 3rd party SSL. Paste the following into the corresponding fields:

  • SSL Certificate: the contents of your yourdomain.crt file.
  • RSA Private Key: the private key generated alongside the CSR (this is either in BigCommerce’s records if you used the built-in generator, or in the yourdomain.key file if you generated externally).
  • Intermediate Certificates (CA Certificate): the contents of the CA bundle file.

Step 3: Save and verify

Click Install SSL Certificate. BigCommerce validates that the certificate matches the private key and that the chain is complete. If everything is correct, the certificate is installed. Allow 15 to 30 minutes for the changes to propagate across the BigCommerce infrastructure.

After the propagation period, open your store in a browser and check for the padlock icon. For a detailed status report, use the SSL Dragon SSL Checker.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.