A Step-by-Step Guide to Generate Private Key and CSR in cPanel
cPanel is one of the most popular control panels used by web hosts to manage servers, websites, domains, emails and more. cPanel provides an easy interface and tools to install SSL certificates on your website hosted with cPanel. To activate an SSL certificate on your website, you need two important components – Private Key and Certificate Signing Request (CSR). The private key allows you to decrypt the encrypted data that is sent to your web server while the CSR is used to apply for the SSL certificate from Certificate Authorities.
In this comprehensive guide, we will walk you through the whole process of generate private key and CSR in cPanel with step-by-step.
Why Do You Need Private Key and CSR?
SSL certificates use public key cryptography to secure the data transmission between a web server and a browser.
A public key can encrypt data while only the corresponding private key can decrypt the data. The private key is stored on your web server while the public key is embedded in the SSL certificate issued by the CA.
When the browser connects to your web server secured with an SSL certificate, the server sends its public key from the SSL certificate to the browser. The browser uses this public key to encrypt the data and sends it back to the server. The web server then uses its private key to decrypt this data.
This way, the exchanged data remains securely encrypted during transit and only the server can decrypt it.
The private key proves the ownership of the server and allows it to decrypt encrypted data. It must be kept securely on the server.
The Certificate Signing Request (CSR) contains information about your company and server which is submitted to the CA for issuing an SSL certificate. The CSR is digitally signed with your private key to link your identity with the request.
The CA verifies this information before issuing the SSL certificate containing your details.
So in summary, these are the main purposes of private key and CSR:
- Private Key – Decrypts data encrypted with the public key, proves server identity.
- CSR – Submitted to CA for issuing SSL certificate containing your verified details.
Generating Private Key in cPanel
Follow these steps to generate a private key in cPanel:
1. Login to cPanel
Login to your cPanel control panel using the login credentials provided by your hosting provider.
2. Go to SSL/TLS Manager
In cPanel, browse to Security section and click on SSL/TLS. This will open the SSL/TLS Manager page.
3. Manager Page
Click “Generate, view..Private Keys”
Under the Private Key (KEY) menu, click on the link “Generate, view, upload or delete your private keys”.
4. Fill in Details
On the next page, select the desired “Key Size” as 2048-bit or higher.
In the “Description” field, enter your domain name (example.com) and click on the blue “Generate” button.!
This will generate a unique private key for your domain on the server.
5. Private Key Generated
Once the private key is generated successfully, you will see its details on the page.
The key content is hidden for security but you can view it temporarily by clicking on the eye icon.!
Important Note: The private key should be kept safely on your server. Do not share this key publicly anywhere.
This completes the private key generation process in cPanel. Now let’s move on to creating the CSR.
Generating CSR in cPanel
To generate Certificate Signing Request (CSR) in cPanel, follow these steps:
1. Go to SSL/TLS Manager
Again login to your cPanel control panel and open the SSL/TLS Manager under Security section.
2. Click “Generate, View..CSRs”
Go to the Certificate Signing Requests (CSR) menu. Here click on the link “Generate, view or delete SSL certificate signing requests”.
3. Select Private Key
On the next page, you can see an option to Generate a New Certificate Signing Request (CSR).
By default, a new 2048-bit private key is pre-selected in the drop-down. If you already created a private key, select it from the drop-down.
4. Enter CSR Details
In the CSR details form, enter the correct information for your domain and company. Here are a few important points:
- Domains: Enter your main domain name purchased for the SSL certificate. For a wildcard certificate, enter *.example.com.
- City, State, Country: Enter your full location details. No abbreviations.
- Company: Enter your legally registered company name. Avoid special symbols.
- Email: Your contact email address. Leave it blank if required.
- Passphrase: Can be left blank. Considered obsolete now.!
5. Generate CSR
Once you have entered all the details carefully, click on the blue “Generate” button at the bottom.
6. Copy CSR Code
This will generate the CSR code on the next page. This CSR code needs to be submitted to the SSL certificate provider to issue the certificate.
Nohttps://sslinsights.com/cheap-ssl-certificate-providers/te: The CSR generation process creates a private key on your server if you selected that option. You should not delete or override this key until the SSL certificate is activated.
This completes the CSR generation process in cPanel. You now have the private key and CSR required to purchase and install an SSL certificate.
Copy the entire CSR code including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines.
Activating SSL Certificate in cPanel
Once you have purchased the SSL certificate and received the certificate files from the provider, follow these steps to activate it in cPanel:
1. Upload Certificate Files
Upload and save the certificate file (with .crt extension) and intermediate certificate file to a folder on your server.
2. Install Certificate
In cPanel, go to SSL/TLS > Install SSL Certificate and fill in the details:
- Select domain name
- Enter certificate file path
- Enter key file path
- Enter intermediate certificate path
3. Select Activation Method
Choose the activation method as per your setup:
- CPanel’s Apache – For sites hosted on cPanel’s Apache
- Other Apache – For self-managed Apache servers
- Nginx – For sites hosted on Nginx servers
4. Activate SSL
Click on “Install Certificate” which will activate the SSL on your website.
The domain will now show the padlock icon in browsers.
Step 3: Install the SSL Certificate
Once you receive the SSL certificate files from the CA, it’s time to install it on the Debian server.
The certificate will be sent in a .zip archive containing the following files:
Conclusion on Generate Private Key and CSR in cPanel
Generating a private key and CSR are the first important steps to activating SSL on your cPanel hosted websites.
Make sure to enter the correct details when creating the CSR and safely store the private key on your server. Using the above steps, you can easily obtain the CSR from cPanel and complete the SSL installation process.
FAQs on Generate Private Key and CSR in cPanel
What is a CSR and private key?
A Certificate Signing Request (CSR) contains information about your server and company which is submitted to the Certificate Authority (CA) to obtain an SSL certificate. The private key allows your server to securely decrypt encrypted data sent by browsers using the public key contained in the SSL certificate.
How do I find my private key in cPanel?
To find your existing private key in cPanel:
- Go to SSL/TLS Manager and click “Generate, View..Private Keys”
- Your existing private keys will be listed here. The key content is hidden but can be viewed temporarily by clicking the eye icon.
Where are private keys stored in cPanel?
By default, cPanel stores private keys in the /var/cpanel/ssl/private directory on your server. The keys are assigned .key extension. For security, make sure this directory has permissions set to 600.
How do I delete a private key in cPanel?
To delete a private key in cPanel:
- Go to SSL/TLS Manager > Generate, View..Private Keys
- Select the key you want to delete and click “Delete”
- Click OK on the confirmation popup to permanently delete the key from your server.
How do I create wildcard CSR in cPanel?
To generate a wildcard CSR for *.example.com in cPanel, enter the common name as .example.com in the CSR generation form. Make sure to include the asterisk at the beginning. Rest of the details will remain the same.
How do I create CSR for multiple domains in cPanel?
When generating CSR in cPanel, enter each additional domain name in a new line under Domains field to create a single CSR for multiple domains. This CSR can be used to activate SAN or Multi-Domain SSL certificates.
Can I renew an SSL certificate with the existing CSR?
Yes, you can renew an SSL certificate using the original CSR if it was generated less than 2 years ago. Since a CSR contains your company details, you can simply re-submit it to the CA while renewing the certificate. There is no need to create a new CSR during renewal unless your company details have changed.