To purchase a CA SSL certificate from a CA, a Certificate Signing Request (CSR) must be generated.
A CSR is a message sent to a CA that contains the information identifying the applicant, as well
as the applicant's public key. This information (as well as the public key) is embedded in the issued certificate. It includes fields
such as the organization name, city, region and country.
It is important to note that SHA-1 signed certificates are being phased out by CAs, and will not be trusted after January 1, 2017. The stronger SHA-2 family of hash algorithms is replacing SHA-1. This means if you have an older SHA-1 certificate it may need to be replaced.
The most important field is the Common Name (CN), which is normally the fully qualified domain name that you wish to secure using the certificate, e.g. 'www.mydomain.com' or 'myserver.mydomain.com'. Before the CSR is sent, it must be signed by the applicant's private key. The CA sends back the certificate containing these fields, signed by the public key of the CA.
The CompleteFTP manager can generate the keypair (private and public keys) required together with the CSR to be sent to the CA. In the Site/Sites panel, the FTP/FTPS group of settings must be chosen. Drill down to Advanced FTP/FTPS Settings and then to Security Settings. Click on the Server certificate field to display the ellipsis (...) button (see below) and select that to display the Server Certificate dialog box.
Select the Generate a certificate signing request (CSR)
link (see image below) to begin the process of generating a CSR. Note that a private key (in PVK format) is first generated - this key must be
saved to a secure location for use with the issued certificate. Do not lose it! Your certificate is of no use without the corresponding
private key. The end result of the process should be a CSR file and a private key. The CSR file is to be sent to the CA
you have selected. The private key is not sent to the CA.
For step by step instructions on how to generate a CSR, please refer to.