For a certificate authority to issue you a certificate you must provide them the information that you believe belongs in that certificate request. The most important piece of information being the public key that your server will use to identify itself, the Certificate Request (sometimes called a CSR or PKCS10) is how you provide that public key and prove you have the corresponding private key. To help identify which server a certificate request is for it can also include additional information such as the fully qualified host name of the server or the name of the legal entity who posses the associated private key.
Before you can order an SSL certificate you will need to generate a Certificate Signing Request (CSR). For the CSR to be valid you will be required to provide the hostname and key size. Note: All orders placed after November 29th 2010 will only be accepted with a CSR key length of 2048 bits or higher.
To easily create a CSR it is recommended to use the SSL Certificate Request Helper. By utilizing this tool you will be able to easily generate the CSR for OpenSSL, Microsoft Exchange 2007, Microsoft Exchange 2010, Java Keytool, F5 Big-IP, and Microsoft IIS.
Note: If you are generating a CSR for a Wildcard certificate your common name must start with an asterisk (*). (i.e., *.globalsign.com). The asterisk acts as a replacement for your sub-domain name.
For instructions on how to generate a CSR through the platform directly, please select from one of the more common platforms below or search for your web server in the search bar above.
- Microsoft IIS 7
- Microsoft IIS 5/6
- Microsoft Exchange 2007
- Microsoft Exchange 2003
- Apache OpenSSL
If you would prefer to use AutoCSR please view more information on general AutoCSR information, AutoCSR using Apache (OpenSSL), or AutoCSR using Windows. Please note that the AutoCSR option is not supported by ExtendedSSL certificates.
SSL Certificate Request Helper: https://csrhelp.globalsign.com/en_US