Before you can order or reissue an SSL certificate, you need a Certificate Signing Request (CSR). This article explains what a CSR and private key are, how to generate them on your web server, and how to submit the CSR to Enom. You generate the CSR on the server where the certificate will be installed, then paste it into your Enom account.
What a CSR and private key are
A Certificate Signing Request (CSR) is a block of encoded text generated on your web server that contains information about your website and organization. The certificate authority (CA) uses this information to produce your final SSL certificate. A CSR begins with -----BEGIN CERTIFICATE REQUEST----- and ends with -----END CERTIFICATE REQUEST-----.
Each time a CSR is generated, a matching private key is created and saved on the same server. The private key stays on your server and is never submitted to Enom or the CA. The certificate the CA issues is mathematically paired with this private key, so the key must remain available on the server where the certificate will be installed.
Before you begin
- Have access to the web server or hosting control panel where the certificate will be installed.
- Know the exact fully qualified domain name (FQDN) you want to secure (for example, www.yourdomain.com). This becomes the certificate's common name.
- If you do not manage the hosting yourself, ask your web hosting provider to generate the CSR for you. Enom does not generate CSRs on your behalf.
The exact steps to generate a CSR depend on your web server software and certificate authority. cPanel, Plesk, and Microsoft IIS can all generate a CSR through their own interfaces. Use the method that matches your hosting environment.
Step 1: Generate the CSR
If you have command-line access to a server with OpenSSL installed, you can generate a CSR and private key together. The following is a generic example — replace yourdomain with your own values:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csrOpenSSL prompts you for the certificate details. The Common Name must be the exact FQDN you want to secure. When the command completes, you have two files: the CSR (yourdomain.csr) to submit to Enom, and the private key (yourdomain.key) to keep on the server.
If you use a hosting control panel instead of the command line, generate the CSR there: cPanel under SSL/TLS → Generate a New Certificate Signing Request (CSR), or IIS via Server Certificates → Create Certificate Request. The control panel stores the private key automatically.
Step 2: Submit the CSR to Enom
Once you have generated the CSR, submit it inside your Enom account to order or configure your certificate:
- Copy the full CSR text, including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines.
- In your account, go to Security → SSL Certificates → Manage.
- Select the certificate marked Not configured (or use Add new first if you have not yet purchased one).
- Paste the full CSR, update the contact information if needed, and click Submit certificate.
For full ordering and validation steps, see Getting Started with Your SSL Certificate. If you are replacing the CSR on a certificate you already own, see Reissuing SSL Certificates.
Protect your private key and keep it on the server where it was generated. Never share it. If the private key is lost or does not match the CSR you submitted, the issued certificate cannot be installed and you will need to generate a new CSR and reissue the certificate.
Next steps
- Confirm which validation level you need before ordering: SSL Certificate Validation Types.
- Once the certificate is issued, install and troubleshoot it: Advanced SSL Setup and Troubleshooting.
Questions? Contact Enom Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.