Note: If you use a subdomain for your brand and your main domain is protected by a wildcard certificate (certificate, issued to *, then you do not need to purchase a new certificate; you can apply the same wildcard certificate to your brand.

To purchase an SSL certificate via Godaddy, Comodo, Geotrust or any other Certificate Authority, you need to generate a Certificate Signing Request (CSR) first. 

There are several ways to generate a CSR file. The following steps describe how to create a CSR with Mac OS X as the shortest one.  

You can also reach out to your provider’s support team for help with generating a CSR.


Command to execute

1.      Open Terminal (go to Search and enter “terminal”, push Enter)


2.      Create a directory with the name “name”

mkdir name

3.      Go to the created directory 

cd name

4.      Initiate a CSR generation (you can change the bold text)

openssl req -new -newkey rsa:2048 -nodes -out name-csr.csr -keyout name-private.key

5.      Provide the following information about the company you are going to generate a CSR for:

Note! The data provided here is just an example; you should use data applicable to your scenario.


Country Name (2 letter code) [AU]:NL

State or Province Name (full name) [Some-State]:Zuid-Holland

Locality Name (eg, city) []:Gorinchem

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company 

Organizational Unit Name (eg, section) []:ICT

Common Name (e.g. server FQDN or YOUR name) []: 

Email Address []

6.      At this step, you are asked to generate a password. Press ENTER to leave it blank.


7.      Provide an alternative (labeled as “optional”)  company name. If you don’t have anything to enter here, press ENTER to leave it blank


8.      Open the directory with Finder to see generated files

open .


As a result, there are two new files created: 

  • name-csr.csr — this is a Certificate Signing Request. Third party websites such as GoDaddy and Comodo require this for acquiring an SSL certificate.
  • name-private.key — this is a private key, which is needed to identify your certificate. Do not share or lose this key; you must keep it safe and secure. It is required when uploading a certificate into the Control Panel, together with .cert.

The private key should remain confidential: do not share it with anyone and ensure nobody except specified, trusted people have access to it. Otherwise, the security of the data on your domain will be under threat. 

For further instructions, follow the steps in Add an SSL Certificate to an Existing Brand