How to Generate a CSR for a Wildcard SSL Certificate in 2025

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (19 votes, average: 3.42)
Loading...

The ultimate guide that covers the steps to create a CSR for a wildcard certificate on any server

A certificate signing request (CSR) is akin to an application for an SSL certificate. (NOTE: You can’t get any SSL/TLS certificate issued without one.) This encoded file offers a standardized way to send Comodo CA (now Sectigo) your public key and some information about your company or organization.

The process of creating a CSR for a wildcard SSL certificate is extremely similar to that of a basic SSL/TLS certificate. The biggest difference? The wildcard asterisk character (*). However, there are a few important nuances that you must know to avoid the pitfalls of improperly formatting your wildcard SSL certificate signing request. If something is done incorrectly (i.e., you enter the wrong Common Name), you’ll have to generate a new CSR.

Let’s explore the wildcard CSR process in all of its glory.

Before You Start

Wildcard SSL Certificate

You’ll need to purchase a wildcard certificate before you start the install process. Comodo wildcard certificates start at less than $80/year. Save a bunch when you buy direct!
Buy A Wildcard Certificate – 48% Off
 

How to Generate a Wildcard: Filling Out Your CSR

cPanel wildcard ssl certificate csr
The CSR form in cPanel includes instructions for generating a wildcard certificate CSR.

Here’s the information you’ll need to fill out in your certificate signing request for your wildcard SSL CSR:

  • Common Name (CN) — This is the fully qualified domain name that’s featured in the SSL/TLS certificate. The wildcard SSL CSR Common Name format you must use varies based on the type of certificate you’re requesting (i.e., a basic wildcard for a single domain vs a multi-domain wildcard certificate). This is where that wildcard asterisk comes into play:
    • For a single-domain wildcard SSL certificate: The common name you must list in the CSR must be a single wildcard domain (e.g., *.ComodoSSLstore.com or *.subdomain1.ComodoSSLstore.com).
    • For a multi-domain wildcard SSL certificate: The common name can’t contain a wildcard asterisk (*) and must be a fully qualified domain name (FQDN) such as ComodoSSLstore.com. However, all subject alternative name domains (SANs), up to 1,000 in total (depending on which SAN wildcard certificate you choose), can be FQDNs, wildcard domains, or a mix of both.
  • Organization Name (O) — The legal name of your company or organization
  • Locality (L) — The city your company or organization resides in.
  • State or Province (ST) — The state or province your company or organization resides in. (Don’t abbreviate your state or province.)
  • Country (C) — The country your company or organization resides in.
  • Email Address — This is pretty self-explanatory
  • Root Length — Typically 2048 bits
  • Signature Algorithm — SHA-256

NOTE: The precise requirements may vary slightly depending on your chosen wildcard SSL CSR generation method. 

Where and How Do You Create a CSR for Wildcard SSL Certificates?

Traditionally, there are a couple of options for how to create a CSR for a wildcard certificate.

  1. You can generate a wildcard certificate signing request in your FTP site cPanel (which is one of the methods we’re going to cover here).
  2. You can generate a CSR directly on your server using our CSR generation tutorials.

However, there’s now a third approach that comes in handy when it comes to having to renew your expiring wildcard SSL certificates: AutoInstall SSL. This easy-to-use certificate automation tool, which is part of ComodoSSLstore.com’s new CertPanel dashboard, enables you to cross off all the monotonous tasks on your to-do list that are associated with generating and installing a certificate on your website.

To access your CertPanel account, go to our home page and click the Login button located in the top-right corner of our website. Don’t have a CertPanel login yet? No worries, simply click on the No CertPanel Account link and go from there.

Method #1: Generate a Wildcard CSR in CPanel

  • Sign in to your site’s FTP server. Under Security, select SSL/TLS Certificates:
A screenshot from our test server cPanel that shows where to access SSL/TLS settings
Image caption: A screenshot of the cPanel on one of our test servers.
  • In the right-hand column, select the Generate, view or delete SSL certificate signing requests option under the Certificate Signing Requests (CSR) section:
A screenshot of where to access the certificate signing request (CSR) form so you can get a wildcard certificate signing request generated
Image caption: A screenshot showing where in cPanel to find the CSR generation form for wildcard (and other) SSL certificates.

This will bring up a new screen where you can fill in the wildcard SSL CSR details, which we covered earlier.

Alternatively, you can generate a wildcard certificate directly on your server.

Method #2: Generate a Wildcard SSL CSR on Your Web Server

Each server software has a slightly different way for you to generate your certificate signing request (CSR). Here are instructions for generating a wildcard certificate CSR for all of the most common platforms.

Microsoft IIS

cPanel

Plesk

Microsoft Exchange

Microsoft Office Communications

F5 Big IP

Web Host Manager

Amazon Web Services

Nginx

Media Temple

Apache

Tomcat

LightSpeed

Citrix

Jetty Java

If your server isn’t on this list, you may need to browse around your control panel or contact your web host support. Remember, generating a wildcard certificate CSR is just like generating a standard CSR — you just need to add the *. combination before your domain!

Take a look at wildcard certificate examples to see the asterisk in action.

Wildcard CSR Example

Here’s a quick example of what the CSR form for all SSL certificates, including wildcards, looks like in cPanel:

A screenshot example showcasing what a certificate signing request form looks like for a basic wildcard SSL certificate (wildcard CSR)
Image caption: An example of a wildcard CSR form’s fields in cPanel for a certificate that aims to secure second-level subdomains (i.e., *.travel.itsatest.site). For first-level subdomains, you’d instead use the first-level subdomain wildcard format (i.e., *.itsatest.site).

Wondering what a wildcard CSR looks like once generated? Here’s an example of a test certificate we generated for this purpose:

A screenshot of an example wildcard CSR
Image caption: We redacted much of this wildcard CSR example above to prevent it from being used. However, the screenshot gives you a pretty good idea of what a certificate signing request looks like.

That’s it! While generating a wildcard CSR isn’t too complicated, it can be a bit tedious. This is why we recommend automating the process for all of your SSL certificates with AutoInstall SSL, including wildcards, to free you up to work on other tasks that require your critical thinking and problem-solving skills. 

Save Up to 75% On

Comodo SSL Certificates

Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo SSL certificates at up to 75% off.