This guide shows you how to generate a CSR in cPanel, the shared hosting control panel used on most Linux web hosts. cPanel creates the CSR and its matching private key together, stores the key safely in the SSL/TLS manager, and gives you a text block to paste into your Certificate Authority’s order form. The same form covers single domains, multi-domain (SAN) certificates, and wildcards.
Generate the CSR in cPanel
If you already generated your CSR with another tool, skip to the cPanel SSL installation instructions. Otherwise, follow the steps below. The labels match the current cPanel interface (Jupiter theme).
Step 1: Open the SSL/TLS manager
- Log into your cPanel account.
- In the Security section, click SSL/TLS.
- Under Certificate Signing Requests (CSR), click Generate, view, or delete SSL certificate signing requests.
Step 2: Pick or generate a private key
From the Key drop-down, choose one of the following:
- Generate a new 2,048 bit key (recommended for most sites). cPanel creates a fresh RSA-2048 private key, pairs it with the CSR, and stores the key under SSL/TLS > Private Keys (KEY). This is the default and what you want unless you have a specific reason to reuse a key.
- An existing key from the same drop-down, if you already created a key earlier and want to reuse it (for example, to issue a replacement certificate without rotating the key).
Recent cPanel versions also support ECDSA (elliptic curve) keys such as P-256, but RSA-2048 is the safest default for compatibility with every Certificate Authority and every client. Only switch to ECDSA if you know your CA and your audience support it.
Step 3: Enter the domain(s) you want to secure
In the Domains box, enter the Fully Qualified Domain Name (FQDN) you want the certificate to cover. For example:
www.example.com
If you ordered a different certificate type, adjust the entry:
- Wildcard certificate: put an asterisk in front of the apex domain to cover every first-level subdomain. For example:
*.example.com - Multi-domain (SAN) certificate: enter every hostname the certificate must cover, one per line. cPanel writes them into the CSR as Subject Alternative Names. For example:
www.example.com example.com shop.example.com mail.example.com
The first hostname you list becomes the certificate’s Common Name; the rest go into the SAN extension. Make sure every hostname you list is one you actually control and intend to validate.
Step 4: Fill in the organization details
Complete the remaining fields. For a Domain Validation (DV) certificate these values are not verified, but the CA still requires the fields to be present, so fill them out accurately so the issued certificate looks correct to anyone who inspects it:
- City: the full name of the city where your organization is registered. Do not abbreviate.
- State: the full name of the state, province, or region. Do not abbreviate.
- Country: from the drop-down, select the country where the organization is legally based.
- Company: the official legal name of the business that owns the domain (for example, GPI Holding LLC). For a DV certificate ordered by an individual, enter your full name or leave the field as NA; do not enter the domain name here.
- Company Division (Organizational Unit): the CA/Browser Forum has deprecated this field in public TLS certificates, so most CAs strip it from the issued certificate. Leave it blank or enter NA.
- Email: not used by modern public TLS certificates. You can leave it blank or enter a contact email; either way it will not appear in the Subject of the issued certificate.
- Passphrase: leave blank. A passphrase here is stored unencrypted in the CSR and serves no security purpose; most CAs reject CSRs that include one. Skip it unless your CA has explicitly asked for one.
- Description: optional, for your own records. Leave it blank or note something like www.example.com 2026 renewal.
Step 5: Generate and copy the CSR
Double-check the form, then click Generate. cPanel displays the encoded CSR in a text box. It looks like this:
-----BEGIN CERTIFICATE REQUEST-----
MIIC2zCCAcMCAQAwgZUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
...base64 content of your CSR...
EE9aJDxhWjEFqYdxPpJv3yhT/4M3xZJP0YuVqYU3MA==
-----END CERTIFICATE REQUEST-----
Select the entire block, including the —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– lines (each marker has five hyphens on either side), and copy it. Paste it into the CSR field when you order or reissue your certificate with your Certificate Authority. Before you submit, you can sanity-check the CSR contents with our CSR Decoder to confirm the common name, SAN list, key size, and signature algorithm are what you expect.
cPanel keeps the matching private key on the server under SSL/TLS > Private Keys (KEY). Do not delete it; you need it to install the issued certificate later. After the CA validates the CSR and issues the certificate, continue with the cPanel SSL installation instructions.
When you do not need a CSR: AutoSSL
If you only need a basic Domain Validated certificate, cPanel can issue and renew one for free with AutoSSL, and AutoSSL handles the CSR for you in the background. Open Security > SSL/TLS Status, select the domains you want to cover, and click Run AutoSSL. Generate a CSR yourself only when you have purchased a certificate (Organization Validation, Extended Validation, wildcard, multi-domain) or when your CA requires a CSR for reissue.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


