JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Obtain a server certificate (X509 / SSL), create the certificate request: the CSR (Certificate Signing Request)

Preamble

If it seems too complicated, fill in the certificate application form and check the 'guidance option' box (Access a request form).
We'll then go back to you to deliver a turnkey certificate.

Step 0 : Make sure your server handles SSL

Before requesting a certificate you'll have to check several points.
Fistly, make sure your server handles SSL or TLS.
If you do not host your own web site, you won't be able to request a certificate without your hosting company's help.
Note that some hosting companies provide management interface for this purpose (so contact your hosting company and make sure it offers SSL).

Step 1: Generate your certificate signing request file (CSR - PKCS #10)

You will need to use a function on this server to generate a Certificate Signing Request (CSR). Look for the section detailing this operation in your software's help and manuals. Below you will find summarized instructions for the most common servers.
It is advised to generate a public key of at least 2048-bit ANSSI and NIST impose the use of 2048-bit keys or more since January 1st 2011, More information here.

When requesting a certificate you will generate a private key. As soon as this key is generated, make a backup copy and protect it very carefully. Check exactly how to back up this private key with your server software provider. If this key falls into the wrong hands your security is compromised and you will have to revoke your certificate. If you lose the key you will not be able to use this certificate anymore. Translated with www.DeepL.com/Translator (free version)

During the generation of CSR, a certain number of fields will be proposed to you to enter the information. It is strongly recommended to have the administrative documentation within reach on hand to fill in the fields correctly. Any error in the input of a field will result in a delay!
Hosting companies: The certificate is always under the name of your customer, here we are then talking about your customer's documents.

  • CN : Common name / domain name / server name / FQDN:
    here you have to indicate the name of your SSL server, for example "secure.entreprise.fr", or "www.mon-domaine.fr" or www.produit.com. No IP address (learn more). No spaces nor blank characters.

    In case you want to order a multi-domain certificate / SANs, enter in the CSR only one address, the main one, the one that cannot be changed during the lifetime of your certificate (It is in our order form that you can then enter the other addresses to be secured, which can be updated at the time of re-creations).

    N.B.: The use of certificates containing a reserved IP address or an internal name (xxx.local, machine_name) is disapproved by the CA / Browsers Forum and will not be accepted by any authority (learn more).

  • O : Organisation / Company Name:
    Write the name (not the trade name or acronym) of your company or organization here, preferably in capital letters.

  • ST : State:
    in France indicate the name of the department where your company headquarters are based (not the number).

  • L : Location / City:
    indicate the city where your company headquarters are based.

  • C : Country:
    indicate FR if your company is in France, BE for Belgium, etc, in uppercase preferably.

  • OU : Organisational unit / Department / Branch:
    We advise not to fill in this field or to enter a generic term such as "IT Department".

Please note Some fields are subject to change by the authority, as they apply their own policies when issuing certificates. You can find more information on this page: Standard certificate fields



Hosting companies and hosting platforms:


Common questions:


Other instructions for CSR generation