Purpose of password when generating CSR

JayFromEpic · Apr 29, 2013

Hello,

Well I must say I have been using SSL's and cPanel itself for some years now and to this day, I have yet to actually use the password that is used when generating a CSR. To my understanding it was used back in the day when the webserver started to load the SSL but this obviously is not used anymore.

So bottom line, what is its use currently and is there any plans to phase this out in the future if its no longer used?

* This is probably a question for cpanel staff but community input is always appreciated

cPanelMichael · Apr 30, 2013

Hello

This is better explained when using the "Generate an SSL Certificate and Signing Request" option in Web Host Mananger with cPanel 11.38:

Some certificate authorities may require CSRs to have a passphrase. The certificate authority can use a CSR passphrase to confirm the identity of the person or organization with whom you wish to communicate. CSR passphrases are stored unencrypted in the CSR. Because of this, and also because you will share this passphrase with a third party, do not use an important password here.

Thank you.

JayFromEpic · Apr 30, 2013

Thank you Michael! Nice to know the purpose of that password!

SageBrian · May 2, 2013

That explanation might be nice on the CSR page, so people don't use a passphrase like, maybe, their root password.

cPanelMichael · May 2, 2013

SageBrian said: ↑

That explanation might be nice on the CSR page, so people don't use a passphrase like, maybe, their root password.
Click to expand...

I can certainly open an internal case with that request. Could you let me know which specific CSR page(s) you feel it would be most useful at?

Thank you.

cPanelKenneth · May 3, 2013

SageBrian said: ↑

That explanation might be nice on the CSR page, so people don't use a passphrase like, maybe, their root password.
Click to expand...

In cPanel & WHM, the interfaces for generating a CSR contain the following text:

Some certificate authorities may require CSRs to have a passphrase. The certificate authority can use a CSR passphrase to confirm the identity of the person or organization with whom you wish to communicate. CSR passphrases are stored unencrypted in the CSR. Because of this, and also because you will share this passphrase with a third party, do not use an important password here.
Click to expand...

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Purpose of password when generating CSR

JayFromEpic Well-Known Member

cPanelMichael Technical Support Community Manager
Staff Member

JayFromEpic Well-Known Member

SageBrian Well-Known Member

cPanelMichael Technical Support Community Manager
Staff Member

cPanelKenneth cPanel Development
Staff Member

Purpose of /etc/userdomains

Purpose of /usr/local/cpanel/etc/cpbackup-exclude.conf

php-litespeed purpose when Litespeed is not installled

Purpose of mail.domain.ext

exim / dovecot show password

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Purpose of password when generating CSR

JayFromEpic Well-Known Member

cPanelMichael Technical Support Community Manager Staff Member

JayFromEpic Well-Known Member

SageBrian Well-Known Member

cPanelMichael Technical Support Community Manager Staff Member

cPanelKenneth cPanel Development Staff Member

Purpose of /etc/userdomains

Purpose of /usr/local/cpanel/etc/cpbackup-exclude.conf

php-litespeed purpose when Litespeed is not installled

Purpose of mail.domain.ext

exim / dovecot show password

Share This Page

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member

cPanelKenneth cPanel Development
Staff Member