Generating a Certificate Signing Request (CSR) using
Plesk Server Administrator 2.5

Please note that these files were adapted from online resources available at http://www.plesk.com/html/products/psa/doc.htm

A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process.

Important Notes on Certificates

• In order to use SSL certificates for a given domain, the domain MUST be set-up for IP-Based hosting.
• When an IP-based hosting account is created with SSL support, a default SSL certificate is uploaded automatically. However, this certificate will not be recognized by a browser as one that is signed by a certificate signing authority.
• The default SSL certificate can be replaced by either a self-signed certificate or one signed by a recognized certificate-signing authority. The self-signed certificate is valid and secure, but many clients prefer to have a certificate signed by a known Certificate Signing Authority.
• You can generate a certificate with the SSLeay utility and submit it to any valid certificate authority. This can be done using the CSR option within PSA.
• If the given domain has the www prefix enabled, you must set-up your CSR or self-signed certificate with the www prefix included. If you do not, you will receive a warning message when trying to access the domain with the www prefix.
• Remember to enter your certificate information in PEM format. PEM format means that the RSA Private Key text must be followed by the Certificate text.
• All certificates are located in the ../vhosts/'domain name'/cert/httpsd.pem file. Where this directory reads "domain name", you must enter the domain name for which the certificate was created.

Generate a Self-signed Certificate or Certificate Signing Request
Access the domain management function by clicking on the Domains button at the top of the PSA interface. The Domain List page appears.

1. Click the domain name that you want to work with. The Domain Administration page appears.
2. If you have established an IP based hosting account with SSL support, the Certificate button will be enabled.
3. Click the Certificate button. The SSL certificate setup page appears.
4. The Certificate Information: section lists information needed for a certificate signing request, or a self-signed certificate. You must fill out these fields before generating your CSR or self-signed certificate.
5. The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop down box next to Bits:.
6. To enter the information into the provided text input fields (State or Province, Locality, Organization Name and Organization Unit Name (optional)) click in the text boxes and enter the appropriate name.
7. To enter the Domain Name for the certificate, click in the text box next to Domain Name: and enter the appropriate domain.
8. The domain name is a required field. This will be the only domain name that can be used to access the Control Panel without receiving a certificate warning in the browser. The expected format is www.domainname.com or domainname.com.
9. Click on the Request button.
10. Selecting Request results in the sending of a certificate-signing request (CSR) to the email address you provided in the certificate fields discussed above. When a CSR (certificate signing request) is generated there are two different text sections, the RSA Private Key and the Certificate Request. Do not lose your RSA private key. You will need this during the certificate installation process. Losing it is likely to result in the need to purchase another certificate.
11. Copy and paste the Certificate Request emailed to you into the InstantSSL web form where it requests a CSR (Certificate Signing Request).
12. When you are satisfied that the SSL certificate has been generated or the SSL certificate request has been correctly implemented, click Up Level to return to the Domain Administration page.