JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Obtain a server certificate (X509 / SSL), create the CSR (Certificate Signing Request)

Preamble

If it seems too complicated, fill in the order form and tick the 'guidance option' box (Access a request form).
We'll then go back to you to deliver a turnkey certificate.

Step 0 : Make sure your server handles SSL

Before requesting a certificate you'll have to check several points.
Fistly, make sure your server handles SSL or TLS.
If you do not host your own web site, you won't be able to request a certificate without your hosting company's help.
Note that some hosting companies provide management interface for this purpose (so contact your hosting company and make sure it offers SSL).

Step 1: Generate your certificate signing request file (CSR - PKCS #10)

You have to use one of this server function to create a certificate request (CSR, Certificate Signing Request). Search for the related section in your server manual. You'll find below some condensed instructions for the most common servers.
It is advised to generate a 2048-bit lenght minimum private key: The ANSSI (former DCSSI) made it mandatory to use 2048-bit keys from January 1, 2011. More information here.

During your certificate request you are going to create a private key. Once done, save a backup copy of this key and protect it seriously (ask your server softwer supplier how to do it). Should this key be compromised your certificate will have to be revoked. Should this key be lost you won't be able to use your certificate anymore.

During the CSR generation you'll be ask to fill-in several fields with various information. It is highly recommanded to have your administrative documentation within reach to fill-in the form properly. Any mistake might delay the issuance of your certificate!
Hosting companies: The certificate is always under the name of your customer, here we are then talking about your customer's documents.

  • CN: Common name / domain name / server name / FQDN:
    Indicate here your SSL server name, such as "secure.company.com", "www.my-domain.com" or "www.product.com". No IP address (learn more). No spaces nor blank characters.

    In the case you want to order a multiple-domains / SANs certificate, just enter the main address in the CSR. This one cannot be change during your certificate lifetime. Enter the other address to secure in the order form (those ones can be modified via reissuance).

    N.B.: Using certificates with internal names (xxx.local, yyy.priv, machine_name) or a domain that is not registered or controlled by IANA is disapproved by the CA/Browsers Forum and won't be accepted anymore by November 2015 (learn more).learn more).

  • O: Organisation / Company Name:
    indicate the corporate name of your company (no trade name or acronym), in uppercase preferably.

  • ST: State:
    in France indicate the name of the department where your company headquarters are based (not the number).

  • L: Location / City:
    indicate the city where your company headquarters are based.

  • C: Country:
    indicate FR if your company is in France, BE for Belgium, etc, in uppercase preferably.

  • OU: Organisational unit / Department / Branch :
    We advise not to fill in this field or to enter a generic term such as "IT Department".


Hosting companies and hosting platforms:


Common questions:


Other instructions for CSR generation