How to correctly specify the domain in a CSR?

The life cycle of each SSL certificate encompasses three primary stages: activation, validation of domain ownership (and sometimes company ownership), and installation of the certificate file on the server hosting the website. To establish a secure HTTPS:// connection displayed in the address bar, it is essential to comprehend this three-stage process, which commences with the generation of the CSR code.

CSR, short for Certificate Signing Request, constitutes the initial and pivotal step towards obtaining an SSL certificate issued for your domain name. Upon purchasing an SSL certificate, it is initially unassigned to any domain or subdomain name. The CSR code enables you to specify the exact (sub)domain for which you desire the certificate to be issued. This code can be generated either through your hosting software or by your hosting provider, utilizing provided how-to manuals. Typically, you will be prompted to furnish the following information:

  • Organization (O)
  • Organizational Unit (OU)
  • Country (C)
  • State (S)
  • Locality (L)
  • Common Name (CN)

Here is what a CSR code looks like:

-----BEGIN CERTIFICATE REQUEST-----
MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9yb
mlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGU
*** More encoded data here***
gSW5jMR8wHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQD
Ew53d3cuZ26iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
-----END CERTIFICATE REQUEST-----

While the aforementioned points are self-explanatory, the “common name” part deserves some additional detail. The Common Name is one (or more) host name(s) associated with the SSL certificate. In other words, this is the Fully Qualified Domain (or subdomain) Name (FQDN) that you would like to see HTTPS-accessible. However, we need to keep in mind that, when issued, the SSL certificate will be valid only for the exact FQDN indicated in your CSR code, and HTTPS access to subdomains will result in a browser warning. Let us check an example for a better understanding:

An SSL certificate activated with the CSR code generated for www.example.com will not cover security.example.com or any other subdomain of example.com. It will be valid only for the FQDN indicated in the CSR. On the other hand, an SSL certificate activated with the CSR code generated for security.example.com will cover neither www.example.com nor example.com.

A CSR code needs to be generated in accordance with certain rules. The general requirement is alphanumeric characters and no special characters like ! @ # $ % ^ ( ) ~ ? > < & / \ , . ” ‘ _. More details can be checked here. Please avoid a passphrase during CSR code generation. The Challenge Password is the CSR attribute that specifies a password by which an entity may request a certificate revocation. Such a practice was deprecated long ago and nowadays is considered obsolete.

Nowadays, IDN domain names (International Domain Names) are gaining popularity. If you have registered such a domain name, you can certainly secure it with an SSL certificate. In this case your domain name needs to be converted into punycode and indicated in the CSR code as the common name. Feel free to use this converter for this purpose.
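The punycode conversion described above can also be done locally. This is an added example, not code from the original page; the function names and the sample name bücher.example are constructed for illustration, and it relies on Python's built-in "idna" codec.

```python
# Added example: convert an IDN host name to the ASCII (punycode) form
# that goes into the CSR Common Name, and back again for review.
# Python's built-in "idna" codec implements IDNA 2003; a CA or registry
# that applies IDNA 2008 may treat a few characters differently.

def to_common_name(host: str) -> str:
    """Return the punycode form of `host` for use as the CSR Common Name."""
    host = host.strip().rstrip(".").lower()
    if "://" in host or "/" in host:
        raise ValueError("use the bare host name, not a URL")
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    if not base or "*" in base:
        # The codec would pass "*" through unchanged, so check it here.
        raise ValueError("only a single leading '*.' label is allowed")
    try:
        ascii_base = base.encode("idna").decode("ascii")
    except UnicodeError as exc:  # empty label, label over 63 bytes, ...
        raise ValueError(f"not a valid host name: {exc}") from exc
    return ("*." if wildcard else "") + ascii_base


def from_common_name(cn: str) -> str:
    """Decode a punycode Common Name back to Unicode for human review."""
    wildcard = cn.startswith("*.")
    base = cn[2:] if wildcard else cn
    return ("*." if wildcard else "") + base.encode("ascii").decode("idna")


if __name__ == "__main__":
    # Constructed sample names.
    for name in ("bücher.example", "*.Bücher.Example", "www.example.com"):
        cn = to_common_name(name)
        print(f"{name!r:22} -> CN={cn}  (reads as {from_common_name(cn)})")
```
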

It is definitely worth mentioning that there are SSL certificates that can cover both www.example.com and example.com. COMODO CA (now Sectigo CA) has been offering this option for quite a long time already.

The tables below, with examples, might be useful during CSR code generation.

SINGLE DOMAIN SSL CERTIFICATES

| Desired result | CSR code needs to be generated for… | SSL certificates with an available option |
| --- | --- | --- |
| https://www.example.com and https://example.com | You can generate your CSR code either for www.example.com or for example.com. Your certificate will cover both host names. | PositiveSSL, EssentialSSL, InstantSSL, InstantSSL Pro, PremiumSSL, EV SSL |

WILDCARD SSL CERTIFICATES

| Desired result | CSR code needs to be generated for… | SSL certificates with an available option |
| --- | --- | --- |
| https://example.com, https://www.example.com, https://subdomain.example.com, https://subdomain1.example.com, https://anything.example.com, *unlimited* | CSR code needs to be generated for *.example.com. Such a certificate will cover an unlimited number of one-level subdomains that can be placed instead of the asterisk. The base domain (example.com) is covered as well. | PositiveSSL Wildcard, EssentialSSL Wildcard, PremiumSSL Wildcard |
| https://subdomain.example.com, https://subdomain1.subdomain.example.com, https://subdomain2.subdomain.example.com, https://subdomain3.subdomain.example.com, https://subdomain4.subdomain.example.com, *unlimited* | CSR code needs to be generated for *.subdomain.example.com. Such a certificate will cover an unlimited number of one-level subdomains that can be placed instead of the asterisk. The base domain (subdomain.example.com) is covered as well, but not example.com. | PositiveSSL Wildcard, EssentialSSL Wildcard, PremiumSSL Wildcard |

NB: Wildcard certificates cannot be activated with the CSR code generated for *.*.example.com or *.*.subdomain.example.com

MULTI-DOMAIN SSL CERTIFICATES

| Desired result | CSR code needs to be generated for… | SSL certificates with an available option |
| --- | --- | --- |
| https://www.example.com, https://example.com, https://domain.net, https://www.domain.net, https://subdomain.domain.net, https://domain.org, https://subdomain.domain.org, *any combination of subdomain or domain names and TLDs* | CSR code needs to be generated for all the domain or subdomain names you would like to secure with an SSL certificate. However, if your web server software does not allow it, you can generate it for one domain name and type the others manually during the activation process. | PositiveSSL Multi-Domain, EV Multidomain SSL, Multi-Domain SSL, Unified-Communications |

NB: PositiveSSL Multi-Domain, EV Multidomain SSL, Multi-Domain SSL and Unified-Communications can secure up to 100 domain or subdomain names. Bare domain (example.com) and its www-subdomain (www.example.com) need to be indicated separately in the CSR code.

Please remember that the CSR code for these certificates should contain two (sub)domain names minimum (if the certificate is purchased as a Multi-Domain one, of course). Otherwise, it will not be possible to activate it and add other domain names later on, when needed. If there is no option to generate a CSR code for multiple hostnames using your hosting software, an additional domain name can be added manually during the activation process.
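The coverage rules from the three tables above can be written as a small check to run before ordering or installing a certificate. This is an added example, not code from the original page or from the CA; the labels "single", "wildcard" and "multi" and the function names are chosen here for illustration.

```python
# Added example: which host names a certificate will secure, following the
# coverage rules stated in the tables on this page.

def covers(product, csr_names, host):
    """Return True if a certificate issued for csr_names secures host."""
    host = host.lower().rstrip(".")
    names = [n.lower().rstrip(".") for n in csr_names]
    if product == "multi":
        # Only the listed names; example.com and www.example.com must
        # each be indicated separately.
        return host in names
    cn = names[0]
    if product == "single":
        # The bare name and its www form are covered together. Applying
        # this pairing to names other than example.com is an assumption.
        bare = cn[4:] if cn.startswith("www.") else cn
        return host in (bare, "www." + bare)
    if product == "wildcard":
        if not cn.startswith("*.") or "*" in cn[2:]:
            raise ValueError("wildcard CSR must be for *.<domain>, got " + cn)
        base = cn[2:]
        if host == base:  # the base domain is covered as well
            return True
        label, _, parent = host.partition(".")
        return bool(label) and parent == base  # exactly one extra level
    raise ValueError("unknown product type: " + product)


def uncovered(product, csr_names, hosts):
    """Return the hosts from `hosts` that the certificate would NOT secure."""
    return [h for h in hosts if not covers(product, csr_names, h)]


if __name__ == "__main__":
    # Constructed site inventory using the host names from the tables.
    sites = ["example.com", "www.example.com", "security.example.com",
             "subdomain1.subdomain.example.com"]
    for product, csr in (("single", ["www.example.com"]),
                         ("wildcard", ["*.example.com"]),
                         ("multi", ["example.com", "security.example.com"])):
        print(product, csr, "leaves uncovered:", uncovered(product, csr, sites))
```
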

If there is any concern regarding the most suitable SSL certificate type, common name in the CSR code, certificate activation procedure or any other – please do not hesitate to contact us at your best convenience via Live Chat. Our doors are 365/24/7 open for you!