Purpose of password when generating CSR

JayFromEpic · Apr 29, 2013

Hello,

Well I must say I have been using SSL's and cPanel itself for some years now and to this day, I have yet to actually use the password that is used when generating a CSR. To my understanding it was used back in the day when the webserver started to load the SSL but this obviously is not used anymore.

So bottom line, what is its use currently and is there any plans to phase this out in the future if its no longer used?

* This is probably a question for cpanel staff but community input is always appreciated

cPanelMichael · Apr 30, 2013

Hello

This is better explained when using the "Generate an SSL Certificate and Signing Request" option in Web Host Mananger with cPanel 11.38:

Some certificate authorities may require CSRs to have a passphrase. The certificate authority can use a CSR passphrase to confirm the identity of the person or organization with whom you wish to communicate. CSR passphrases are stored unencrypted in the CSR. Because of this, and also because you will share this passphrase with a third party, do not use an important password here.

Thank you.

JayFromEpic · Apr 30, 2013

Thank you Michael! Nice to know the purpose of that password!

SageBrian · May 2, 2013

That explanation might be nice on the CSR page, so people don't use a passphrase like, maybe, their root password.

cPanelMichael · May 2, 2013

SageBrian said:
That explanation might be nice on the CSR page, so people don't use a passphrase like, maybe, their root password.

I can certainly open an internal case with that request. Could you let me know which specific CSR page(s) you feel it would be most useful at?

Thank you.

cPanelKenneth · May 3, 2013

SageBrian said:
That explanation might be nice on the CSR page, so people don't use a passphrase like, maybe, their root password.

In cPanel & WHM, the interfaces for generating a CSR contain the following text:

Some certificate authorities may require CSRs to have a passphrase. The certificate authority can use a CSR passphrase to confirm the identity of the person or organization with whom you wish to communicate. CSR passphrases are stored unencrypted in the CSR. Because of this, and also because you will share this passphrase with a third party, do not use an important password here.

Thread starter	Similar threads	Forum	Replies	Date
A	SOLVED What is the purpose of Change Hostname?	General Discussion	6	Mar 6, 2019
D	setup for educational purposes	General Discussion	2	Feb 26, 2016
	/home/username/logs , whats the purpose of this folder	General Discussion	3	Oct 19, 2014
S	What is the purpose of: /usr/local/cpanel/htdocs	General Discussion	1	Oct 1, 2008
S	Is Cpanel free for educational purposes	General Discussion	2	Aug 24, 2005

Search

Search

Purpose of password when generating CSR

JayFromEpic

Well-Known Member

cPanelMichael

Technical Support Community Manager

JayFromEpic

Well-Known Member

SageBrian

Well-Known Member

cPanelMichael

Technical Support Community Manager

cPanelKenneth

cPanel Development