How to Generate a CSR for a Wildcard SSL Certificate in 2025

The ultimate guide that covers the steps to create a CSR for a wildcard certificate on any server

A certificate signing request (CSR) is akin to an application for an SSL certificate. (NOTE: You can’t get any SSL/TLS certificate issued without one.) This encoded file offers a standardized way to send Comodo CA (now Sectigo) your public key and some information about your company or organization.

The process of creating a CSR for a wildcard SSL certificate is extremely similar to that of a basic SSL/TLS certificate. The biggest difference? The wildcard asterisk character (*). However, there are a few important nuances that you must know to avoid the pitfalls of improperly formatting your wildcard SSL certificate signing request. If something is done incorrectly (i.e., you enter the wrong Common Name), you’ll have to generate a new CSR.

Let’s explore the wildcard CSR process in all of its glory.

Before You Start

How to Generate a Wildcard: Filling Out Your CSR

Here’s the information you’ll need to fill out in your certificate signing request for your wildcard SSL CSR:

• Common Name (CN) — This is the fully qualified domain name that’s featured in the SSL/TLS certificate. The wildcard SSL CSR Common Name format you must use varies based on the type of certificate you’re requesting (i.e., a basic wildcard for a single domain vs a multi-domain wildcard certificate). This is where that wildcard asterisk comes into play:
  • For a single-domain wildcard SSL certificate: The common name you must list in the CSR must be a single wildcard domain (e.g., *.ComodoSSLstore.com or *.subdomain1.ComodoSSLstore.com).
  • For a multi-domain wildcard SSL certificate: The common name can’t contain a wildcard asterisk (*) and must be a fully qualified domain name (FQDN) such as ComodoSSLstore.com. However, all subject alternative name domains (SANs), up to 1,000 in total (depending on which SAN wildcard certificate you choose), can be FQDNs, wildcard domains, or a mix of both.
• Organization Name (O) — The legal name of your company or organization
• Locality (L) — The city your company or organization resides in.
• State or Province (ST) — The state or province your company or organization resides in. (Don’t abbreviate your state or province.)
• Country (C) — The country your company or organization resides in.
• Email Address — This is pretty self-explanatory
• Root Length — Typically 2048 bits
• Signature Algorithm — SHA-256

NOTE: The precise requirements may vary slightly depending on your chosen wildcard SSL CSR generation method. 

Where and How Do You Create a CSR for Wildcard SSL Certificates?

Traditionally, there are a couple of options for how to create a CSR for a wildcard certificate.

1. You can generate a wildcard certificate signing request in your FTP site cPanel (which is one of the methods we’re going to cover here).
2. You can generate a CSR directly on your server using our CSR generation tutorials.

However, there’s now a third approach that comes in handy when it comes to having to renew your expiring wildcard SSL certificates: AutoInstall SSL. This easy-to-use certificate automation tool, which is part of ComodoSSLstore.com’s new CertPanel dashboard, enables you to cross off all the monotonous tasks on your to-do list that are associated with generating and installing a certificate on your website.

To access your CertPanel account, go to our home page and click the Login button located in the top-right corner of our website. Don’t have a CertPanel login yet? No worries, simply click on the No CertPanel Account link and go from there.

Method #1: Generate a Wildcard CSR in CPanel

• Sign in to your site’s FTP server. Under Security, select SSL/TLS Certificates:

• In the right-hand column, select the Generate, view or delete SSL certificate signing requests option under the Certificate Signing Requests (CSR) section:

This will bring up a new screen where you can fill in the wildcard SSL CSR details, which we covered earlier.

Alternatively, you can generate a wildcard certificate directly on your server.

Method #2: Generate a Wildcard SSL CSR on Your Web Server

Each server software has a slightly different way for you to generate your certificate signing request (CSR). Here are instructions for generating a wildcard certificate CSR for all of the most common platforms.

Microsoft IIS

• IIS 5 & 6
• IIS 7
• IIS 8
• IIS 10

cPanel

• 11.x (Paper Lantern Theme-Modern)

Plesk

• 10
• Odin (v. 11, 12 & 12.5)

Microsoft Exchange

• Exchange 2007
• Exchange 2010
• Exchange 2013
• Exchange 2016

Microsoft Office Communications

• 2007

F5 Big IP

• V. 8 and Under
• V 9

Web Host Manager

• WHM

Amazon Web Services

• AWS
• Amazon EC2 (AWS)

Nginx

• OpenSSL

Media Temple

• GRID

Apache

• OpenSSL

Tomcat

• Tomcat

LightSpeed

• LightSpeed

Citrix

• Secure Gateway

Jetty Java

• HTTP Servlet Web Security

If your server isn’t on this list, you may need to browse around your control panel or contact your web host support. Remember, generating a wildcard certificate CSR is just like generating a standard CSR — you just need to add the *. combination before your domain!

Take a look at wildcard certificate examples to see the asterisk in action.

Wildcard CSR Example

Here’s a quick example of what the CSR form for all SSL certificates, including wildcards, looks like in cPanel:

Wondering what a wildcard CSR looks like once generated? Here’s an example of a test certificate we generated for this purpose:

That’s it! While generating a wildcard CSR isn’t too complicated, it can be a bit tedious. This is why we recommend automating the process for all of your SSL certificates with AutoInstall SSL, including wildcards, to free you up to work on other tasks that require your critical thinking and problem-solving skills.