tencent cloud

SSL Certificates

Release Notes
Announcements
Notice on price adjustment of DigiCert and its affiliated brands'SSL certificates​
Price Change to DigiCert SSL Certificates
TrustAsia Root Certificate Update
Domain Validation Policy Update
SSL Certificate Service Console
Multi-Year SSL Certificate and Automatic Review
Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020
Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020
Notice on Certificate Revocation Due to Private Key Compromises
Notice on Application Limits for DV SSL Certificates
Notice on Adjustment of Free SSL Certificates Policy
Let's Encrypt Root Certificate Expired on September 30, 2021
Product Introduction
Overview
Introduction to Tencent Cloud SSL Certificates
Strengths
Advantages of HTTPS
Browser Compatibility Test Report
Multi-Year SSL Certificate and Automatic Review Overview
SSL Certificate Security
Purchase Guide
Pricing
SSL Certificate Purchase Process
SSL Certificate Selection
Paid SSL Certificates Renewal
SSL Certificate Renewal Process
SSL Certificate Refund Process
Getting Started
Certificate Application
Information Submission Process for Paid SSL Certificates
Domain Ownership Validation
Domain Validation Method Selection
Automatic DNS Addition
DNS Validation
File Validation
Automatic DNS Validation
Automatic File Validation
Validation Result Troubleshooting Guide
Operation Guide
Domain Ownership Verification
Uploading Certificates
Secured Seal
CSR Management
Certificate Installation
Installing an SSL Certificate on a Tencent Cloud Service
Installation of International Standard Certificates
Selecting an Installation Type for an SSL Certificate
Certificate Management
Instructions on SSL Certificate Auto-Renewal
Certificate Hosting
Uploading (Hosting) an SSL Certificate
Reminding Reviewers to Review an SSL Certificate Application
Revoking an SSL Certificate
Deleting an SSL Certificate
Reissuing an SSL Certificate
Ignoring SSL Certificate Notifications
Customizing SSL Certificate Expiration Notifications
API Documentation
History
Introduction
API Category
Making API Requests
Certificate APIs
Certificate Renewal (Certificate ID Unchanged) APIs
CSR APIs
Data Types
Error Codes
Use Cases
Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources
Apple ATS Server Configuration
Quickly Applying for a Free SSL Certificate via DNSPod
Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS
Batch Applying for and Downloading Free Certificates Using Python-based API Calls
Profile Management
Adding Organization Profile
Adding Administrator
Adding Domain
Troubleshooting
Domain Validation Failed
Domain Security Review Failed
Website Inaccessible After an SSL Certificate is Deployed
404 Error After the SSL Certificate is Deployed on IIS
“Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed
Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded
Automatic DNS Validation Failed for a Domain Hosted with www.west.cn
Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https
Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS
FAQs
SSL Certificate Selection
SSL Certificate Application
SSL Certificate Management
SSL Certificate Installation
SSL Certificate Region
SSL Certificate Review
SSL Certificate Taking Effect
SSL Certificate Billing and Purchase
SSL Certificate Validity Period
Related Agreement
SSL Service Level Agreement
Contact Us
Glossary
DocumentationSSL CertificatesFAQsSSL Certificate ApplicationHow Do I Make a CSR File?

How Do I Make a CSR File?

PDF
Focus Mode
Font Size
Last updated: 2024-03-06 18:00:08

How do I make a CSR file?

This topic describes how to generate a Certificate Signing Request (CSR) file.

Prerequisites

Before applying for an SSL certificate, you need to generate a key file and a CSR file for generating the certificate. The CSR file is the source file of your public key certificate. It contains your server and company information and needs to be submitted to a certificate authority (CA) for review. You are advised to use the CSR file generated by the system to avoid approval failures caused by information input errors. If you choose to manually generate a CSR file, ensure that you properly keep and back up your private key file. Pay attention to the following when manually generating a CSR file:
UTF-8 encoding is required for input information. Specify UTF-8 encoding when you use OpenSSL to configure the CSR.
The SSL certificate service system has strict requirements regarding the key length of the CSR file. The key length must be 2,048 bits and the key type must be RSA.
For a multi-domain SSL certificate or wildcard SSL certificate, you only need to enter a domain name for Common Name or What is your first and last name?.

Generating a CSR file using OpenSSL

1. Log in to a local computer or server running Linux.
2. Install OpenSSL. For installation details, see How to Install OpenSSL?
3. Run the following command to generate a CSR file:
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout [$Key_File] -out [$OpenSSL_CSR]
Note:
new: generate a new CSR file.
nodes: do not encrypt the key file.
sha256: digest algorithm.
newkey rsa:2048: key type and length.
[$Key_File]: key file name.
[$OpenSSL_CSR]: storage path of the encrypted file.
4. Enter information required for CSR file generation as prompted. The necessary fields are described as follows:
Organization Name: company or organization name.
Organizational Unit Name: department or section name.
Country Code: two-letter country code of the country where your company is located. For example, enter CN for China.
State or Province Name: name of the province or state where your company is located.
Locality Name: name of the city where your company is located.
Common Name: website domain name for which you are applying for an SSL certificate.
Email Address: this field is optional.
Challenge Password: this field is optional. After you enter the information as prompted, the key file and CSR file are generated in the current directory.
Previous Topic: What Is CSR?Next Topic: What Is Private Key Password?

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback