How to create a CSR (Certificate Signing Request) in Plesk

Adding an SSL certificate in Plesk is a multi-step process. Understanding what SSL is and how it works will make this process much easier.

Understanding SSL

What is SSL

Secure Socket Layer (SSL) Certificates are used to encrypt all data sent from your server to the client, and from the client back to the server. The use of SSL is strongly recommended when allowing a user to enter sensitive information such as passwords or credit card data into a form. Without the use of SSL, the data is transmitted over the Internet in a plain text format that a malicious users could read without issue. By using SSL, the data is encrypted, rendering the data virtually impossible to read.

Once applied to a website, the encryption is used when accessing the website using https://domain.com instead of the standard, unencrypted http://domain.com. You might notice the ‘s’ in ‘https’ stands for “secure”.

 

How SSL Works

SSL works by encrypting the information from the server to the user by utilizing encryption keys. A private key on the server is used to encrypt the data and a public key that is provided in the SSL certificate is used to un-encrypt the data. Conversely, information sent by the user is encrypted using the certificate and that information can only be un-encrypted by the private key on the server.

Because only the public key can un-encrypt the information encrypted by the private key and only the private key can un-encrypt data sent by the public key, it is extremely important that they remain in pairs. You cannot mix public an private keys from different certificates.

 

SSL Certificate Descriptions

There are a maximum of 4 certificates, depending on your situation.

CSR: Certificate Signing Request

This certificate is used to request an SSL certificate from a trusted provider such as Comodo, Verisign, Godaddy, etc. When ordering an SSL Certificate from a Trusted Provider, you must copy and paste the entire certificate, including “—–BEGIN CERTIFICATE REQUEST—–” and “—–END CERTIFICATE REQUEST—–”

Example CSR
—–BEGIN CERTIFICATE REQUEST—–
MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
aabbcTHIS+IS+NOT+A+REAL+CERTIFICATE++DO+NOT+USE+THIS+EXAMPLEaabc
HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v
Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV
IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr
WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J
cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl
4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH
Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
—–END CERTIFICATE REQUEST—–

 

Private Key

The Private Key is the glue successfully installing an SSL Certificate on your website. This certificate is used to create the CSR, which in turn, is used to create the Public Key. The Public and Private keys then work together to create a secure connection between the server and the user’s browser. The Private Key and Public Key must match in order for the connection to work correctly.

 

SSL or Public Key

This key might also be referred to as the SSL Certificate. This is the certificate you receive back from a Trusted Provider after submitting the CSR. The Public keys works with the Private Key to encode the information transmitted between the server and the user’s browser.

 

CA (Certificate Authrority)

The CA Certificate is provided by a Trusted Provider when purchasing an SSL Certificate. This certificate lets the browser know the SSL certificate was issued by a trusted provider and prevents the browser from displaying warning messages.

CA Certificate files are often provided in pairs, so do not be surprised if you get 2 files. Both of these must be pasted into the CA Certificate file in order to work correctly

 

Overview

The basic steps to installing an SSL certificate include:
1. Create a CSR (Certificate Signing Request)
2. Submit the CSR to a Trusted Provider (also known as a Certificate Authority) and purchase the SSL.
3. Upload the SSL files to the server.
4. Apply the new certificate to your domain.

 

Create the CSR

Open Advanced Domain Options

Open the Advanced Options for the domain you’re going to add SSL to.

How to view Advanced Domain Options

Advanced Domain Options are used to set the following settings:

Website Scripting and Security, PHP Settings, Web Server Settings, Applications, File Manager, Web Statistics, DNS Settings, Secure Your Sites (SSL), Password protecting directories, Website copying, Viewing Logs and creating web users along with information about how to move a site from development to productions and how to close a site from production to a development environment.

To access a Domain’s Advanced Settings:

From the Home screen, click “Domains” then click the link for the Domain name.

plesk-domains-domainname

 

Click the “Websites & Domains” tab, then scroll down the page until you locate the correct Domain.  (Unless you have added additional domains or subdomains to the subscription, this will be the only domain listed.)

At the bottom of the containing box, click the small arrow at the bottom center to display the advanced domain options.

advanced-settings-1

 

advanced-settings-2

 

Click “Secure Your Sites”

Inside the Advanced Options, click the “Secure Your Sites”

secure-your-site

 

SSL Certificates

On the SSL Certificates page, under the Tools heading, click “Add SSL Certificate”

ssl-certificates-pg

 

Add SSL Certificate

Under Add SSL Certificate, you’ll need to fill out the CSR Request form.

Certificate Name: Enter a unique name for the certificate.  You can use any name you wish as long as it is unique.  I recommend using the domain name and the current year.

Country: Select the country the business is based in from the dropdown box.

State or province: Enter the state or province of the business

Location (city): Enter the city the business is located in.

Organization name (company): Enter your business name.

Organization department or division name: This setting is optional.  If you wish, you may enter a department.  Examples might include IT, Marketing or Sales

Domain name: Enter the domain name.  If you are applying the certificate to a specific subdomain (sales.domain.com or blog.domain.com), make sure you enter the exact subdomain.

Email: Enter your contact email address.

Once you have filled in the form, click Request.

csr-form

Access Your CSR

After your CSR is generated you will be returned to the SSL Certificates page with a notice saying the new SSL certificate was added.

To view the CSR, scroll down the page under Certificates and click on the certificate name you created in the previous step.

You’ll notice to the right of the certficate, there are some small icons under the letters R, K, C and A. These represent the certificate files that have been created. R=Certificate Signing Request, K=Private Key, C=Public Key and A=Signing Authority. The icons that are displayed in full color represent the files that have been created and the icons that appear greyed out represent the missing certificates.

csr-complete

 

“Change Properties of SSL Certificate” Page

On the “Change Properties of SSL Certificate” page, scroll down the page until you see “CSR” .  The text displayed starting with “- – – – – BEGIN CERTIFICATE REQUEST- – – – -” through “- – – – -END CERTIFICATE REQUEST- – – – -” is the text you will provide to a 3rd party certificate provider.  Copy the entire text, including the Begin Certificate and End Certificate lines.

-----BEGIN CERTIFICATE REQUEST-----
 MIIC1DCCAbwCAQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEPMA0GA1UE
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 LmNvZGVyb3RyYWluaW5nLmluZm8xJjAkBgkqhkiG9w0BCQEWF2NvZHlAY29kZXJv
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 Ij1egAZp380U8gcUU99DQqTjrXOtc7PBEOg4jdIrpoII/K5SoaaJ7oyQH5TH4rDM
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 bNSkZVi7zlv1Hmn3Gxo73ik64WwmWlNeylAFlmX15F5pT7sjXLWfynukBCh4fscF
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 Aktmq2mSKWzlh1f0OVLYgjbf2SdqcQgDIf81D7U34q7tmL72bUdBbrjJiE2+9pa4
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 fmLhurzt+e4m0fgl4gh8z/YjcmZaX9THQkHJxp0gd0A1xkm0SkvJ38QHwkuNpDBp
 Yx/CVhzfIzSi3yJuCwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAKxFgaWdqiws
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 Gf4iV0WKen2Z9Ssu3nhESf/pt9WSZWsB6b0R8ZGROkDu1WZ60wgN1OvhQaSARqVX
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 lUpupKEK5Q4=
 -----END CERTIFICATE REQUEST-----

 

 

Author: admin on June 26, 2014
Category: Plesk

Leave a Reply

Last articles