🌳 We're now planting a tree every time a new service is purchased. Place an order, we'll plant a tree! Learn more ›

How do I generate a Certificate SIgning Request (CSR) using Virtualmin? Print

  • ssl
  • 19

To get an SSL certificate you need to first generate a CSR (Certificate Signing Request) on your server. To do this:

  • Pick your the relevant domain or subdomain from the dropdown at the top of the blue sidebar
  • Go to Edit mail aliases and create an alias for webmaster@example.com to forward to your real email address (example.com is a placeholder, use the domain or subdomain you're ordering the cert for)
  • Go to Server Management > Manage SSL Certificate on the blue sidebar
  • Click the Create Signing Request tab at the top
  • In Server names at the top of the form, remove the www. part of name if present, that shouldn't be included
  • Leave the big Other domain names box under that blank
  • For email address enter webmaster@example.com (where example.com is the cert domain)
  • Department can be left blank unless you work for a large company
  • Organisation should be your company name, or your name if you're an individual.
  • City and State should be filled out with your city or town, and your county, respectively
  • Country code should be GB if you're in the mainland UK (UK is not a valid ISO country code).
  • SSL key size should be either 2048 or 4096, use the default if this doesn't make sense to you
  • Certificate hash type should be SHA2
  • Click Generate CSR Now

A private key and a CSR should now be generated for you. You don't need to worry about the private key, Virtualmin has already installed that in the right place for you. You will now need to send that CSR to us using the customer portal.

You should have received an email from us with the subject "SSL Certificate Configuration Required, containing a link. If you click that link it will take you to a configuration page in our Customer Portal, which will ask you for the CSR. In Virtualmin, copy the section that looks like this:

-----BEGIN CERTIFICATE REQUEST-----
lots of random letters and numbers
-----END CERTIFICATE REQUEST-----

Be sure to include the lines with the dashes, as they're part of the CSR. Now that you have this copied, go back to the configuration page on the Customer Portal and paste it into the box at the top. Ensure you don't have any extra spaces or blank lines above or below the CSR, it won't be accepted if there are.

You can then fill out the remainder of the form. Where it asks for Title you should enter your job title.

When complete, you should press the Click to Continue >> button at the bottom. Due to a bug, it may reject your CSR the first time you submit it, but if you scroll down and click the button a second time it should accept it. If it fails on the second attempt then you should double-check that there are no blank spaces or blank lines before/after your CSR. If you're still unable to submit your CSR, create a support ticket, and include your CSR in the ticket so we can double-check it for you.

If your CSR is accepted you will be asked to pick a verification email address from a list of predefined email addresses. Pick the webmaster@example.com (where example.com is the cert domain) email address that you set up earlier, and then press the Click to Continue >> button.

Comodo will then send you an email with further instructions for confirming that you're really the domain owner, and that you are happy for them to issue the certificate. Follow the steps they require. Once complete, your certificate will then be emailed to you, usually this is sent within an hour for Positive SSL and Essential SSL Wildcard, and can take a few days for EV SSL due to the Extended Validation checks.

When you have the certificate, download the zip file from the email and unzip it. Inside there should be a .crt file with your domain name, which needs to be installed on the server. To do this:

  • Go back to Virtualmin
  • Pick your the relevant domain or subdomain from the dropdown at the top of the blue sidebar
  • Go to Server Management > Manage SSL Certificate on the blue sidebar
  • Click the Apply Signed Certificate tab at the top
  • Press the circle radio button next to Uploaded file
  • Press the paperclip button and attach the .crt file with your domain name
  • Click Install Now to install the certificate

You will also need to install the CA Bundle (sometimes called the intermediate certificate). To do this:

  • Go to Server Management > Manage SSL Certificate on the blue sidebar
  • Click the CA Certificate tab at the top
  • Press the circle radio button next to Uploaded file
  • Press the paperclip button and attach the .ca-bundle file with your domain name
  • Click Install Now to install the CA certificate

That's it, your SSL certificate should now be installed. If you have any questions please create a support ticket, and we'd be happy to help.


Was this answer helpful?

« Back
Member of the North East England Chamber of Commerce
Cyber Essentials Certified
WithSecure Registered Partner
Silver Microsoft Partner
Plesk Partner
Climate Positive Workforrce

Open a support ticket