Your private key will be generated in your browser and will not be sent to another server - please make sure you do not lose it.
Domain selection
If you are creating a request for a wildcard certificate, enter an asterisk (*.mydomain.cz) in the "Common Name" field.
In the case of a SAN certificate, create the CSR only for the main domain in Common Name; the other names will be added to the certificate based on the order.
A single certificate for the domain www.mydomain.cz will also be valid for the name without www - but this does not apply to CSRs for other subdomains, e.g.:
- CSR for www.mydomain.cz - certificate will be valid for mydomain.cz and www.mydomain.cz
- CSR for mydomain.cz - certificate will be valid for mydomain.cz and will not be valid for www.mydomain.cz
- CSR for www.shop.mydomain.cz - certificate will be valid for www.shop.mydomain.cz and will not be valid for shop.mydomain.cz
- CSR for *.mydomain.cz - wildcard certificate will be valid for mydomain.cz, shop.mydomain.cz, www.mydomain.cz, ... and will not be valid for www.shop.mydomain.cz
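The coverage rules in the list above can be checked mechanically before ordering. The following sh functions are an added example, not part of the original instructions or of any CA tool; cert_covers and count_labels are hypothetical names, and the code assumes the main domain has exactly two labels, as mydomain.cz does.

```sh
# Added example: the coverage rules from the list above as a shell check.
# Assumption: the main domain has exactly two labels (e.g. mydomain.cz).

# count_labels NAME: print the number of dot-separated labels in NAME.
count_labels() {
    rest=$1 n=1
    while [ "${rest#*.}" != "$rest" ]; do
        rest=${rest#*.}
        n=$((n + 1))
    done
    echo "$n"
}

# cert_covers CN HOST: succeed if a certificate issued for a CSR with
# Common Name CN is valid for HOST.
cert_covers() {
    cn=$1 host=$2
    if [ "$cn" = "$host" ]; then return 0; fi
    case $cn in
        '*.'*)
            base=${cn#'*.'}
            # A wildcard also covers the bare domain ...
            if [ "$host" = "$base" ]; then return 0; fi
            # ... and names with exactly one label in front of it.
            case $host in
                *."$base")
                    label=${host%."$base"}
                    case $label in
                        ''|*.*) return 1 ;;
                        *) return 0 ;;
                    esac ;;
            esac ;;
        www.*)
            base=${cn#www.}
            # The name without www is added only for the main domain.
            if [ "$(count_labels "$base")" -eq 2 ] && [ "$host" = "$base" ]; then
                return 0
            fi ;;
    esac
    return 1
}

# Constructed sample: the four Common Names from the list above.
for csr_cn in www.mydomain.cz mydomain.cz www.shop.mydomain.cz '*.mydomain.cz'; do
    for name in mydomain.cz www.mydomain.cz shop.mydomain.cz www.shop.mydomain.cz; do
        if cert_covers "$csr_cn" "$name"; then echo "$csr_cn covers $name"; fi
    done
done
```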
The CSR must contain only the main domain (Common Name) and the Country code; all other data is optional.
Do not use diacritics when filling out the CSR; in the case of an IDN domain, convert it first, e.g. using the tool https://www.punycoder.com/ .
Creating a request on the server
Unix systems
Let's assume that you are creating a certificate for a domain "www.mydomain.cz". Typically, you create a private key and a Certificate Signing Request (CSR) on a Unix system by running the following command:
$ openssl req -new -sha256 -newkey rsa:2048 -nodes -out www.mydomain.cz.csr -keyout www.mydomain.cz.key
Generating a 2048 bit RSA private key
....................................+++
writing new private key to 'www.mydomain.cz.key'
-----
Country Name (2 letter code) [XX]: CZ
State or Province Name (full name) []: Hlavni mesto Praha
Locality Name (eg, city) [Default City]: Prague
Organization Name (eg, company) [Default Company Ltd]: Webhosting & Son ltd.
Organizational Unit Name (eg, section) []: Tech Department
Common Name (eg, your name or your server's hostname) []: www.mydomain.cz
Email Address []: contact@domainowner.cz
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The request is now located in the file www.mydomain.cz.csr. The www.mydomain.cz.key file contains the private key; keep it safe and confidential.
Validation
The Certificate Authority usually requires confirmation of domain ownership via a link sent to the email mailbox@mydomain.cz (you can choose from the following mailboxes: admin, administrator, hostmaster, postmaster, webmaster). Therefore, make sure that one of these addresses can receive mail on the server.
Validation can also be done using DNS by placing the required TXT record on the domain's authoritative nameservers.
In the case of GeoTrust and RapidSSL certificates for a subdomain, insert the same TXT record twice, once for subdomain.mydomain.cz and once for _dnsauth.mydomain.cz.
Loss of private key
If you lose the private key, you can reissue RapidSSL and QuickSSL certificates yourself with a new CSR according to the following instructions: