How to Generate a CSR for a Wildcard SSL Certificate

Your guide to generating a Wildcard CSR on any server

Your Certificate Signing Request (CSR) is more or less an application for an SSL certificate. You can’t get an SSL certificate issued without one. A CSR is an encoded file that offers you a standardized way to send Comodo your public key and some information about your company or organization. Generating a CSR for a Wildcard SSL certificate is extremely similar to generating a CSR for any other SSL certificate, with one key difference: the asterisk.

Before you start

You’ll need to purchase a wildcard certificate before you start the install process. Comodo wildcard certificates start at less than $80/year. Save a bunch when you buy direct!
Buy A Wildcard Certificate – 48% Off

Filling out your CSR

The CSR form in cPanel includes instructions for generating a wildcard certificate CSR.

Here’s the information you’ll need to fill out in your Certificate Signing Request for your Wildcard SSL CSR:

• Common Name (CN) – Your fully-qualified domain name goes here.
• Organization Name (O) – The legal name of your company or organization
• Organization Unit (OU) – What department or division of your company are you?
• Locality (L) – The city your company or organization resides in.
• State or Province (ST) – The state or province your company or organization resides in.
• Country (C) – The country your company or organization resides in.
• Email Address – Self-explanatory
• Root Length – Typically 2048-bit
• Signature Algorithm – SHA-2

What’s this about an asterisk?

Here’s the difference between a Wildcard CSR and a regular CSR, with the Wildcard you place an asterisk at the sub-domain level you’re attempting to encrypt (typically first-level) in your FQDN. For instance, if ComodoSSLstore.com was going to install a Wildcard, our input in the Fully-Qualified Domain Name field would be:

*.ComodoSSLstore.com

As long as you use the asterisk, your Wildcard will work correctly and encrypt your domain, plus all of its accompanying sub-domains. No limit. If you have one-million sub-domains, your Wildcard will cover all of them. And if you ever add another one during the Wildcard’s lifespan, just re-issue it and it’ll cover the new one, too.

Generate a Wildcard SSL CSR on your Server

Each server software has a slightly different way for you to generate your certificate signing request (CSR). Here are instructions for generating a wildcard certificate CSR for all of the most common platforms.

Microsoft IIS

• IIS 5 & 6
• IIS 7
• IIS 8

cPanel

• 11.x (Paper Lantern Theme-Modern)

Plesk

• 10
• Odin (v. 11, 12 & 15)

Microsoft Exchange

• Exchange 2007
• Exchange 2010
• Exchange 2013

Microsoft Office Communications

• 2007

F5 Big IP

• V. 8 and Under
• V 9

Web Host Manager

• WHM

Amazon Web Services

• AWS

Nginx

• OpenSSL

Media Temple

• GRID

Apache

• OpenSSL

Tomcat

• Tomcat

LightSpeed

• LightSpeed

Citrix

• Secure Gateway

Jetty Java

• HTTP Servlet Web Security

If your server isn’t on this list, you may need to browse around your control panel or contact your web host support. Remember generating a wildcard certificate CSR is just like generating a standard CSR – you just need to add the *. before your domain!