Jason Parms

CSR represents Certificate Signing Request, an integral part of an SSL certificate and is an encrypted text that an applicant sends to the Certificate Authority (CA) to validate the information for issuing the certificate.

The certificate for which you have requested will only work with the private key generated with the CSR. The public key used in SSL certificate is also used to sign the CSR. Upon gathering CSR data, the CA creates a certificate.

CSR contains three fractions such as certificate information, a signature algorithm identifier, and a digital signature.

Content of CSR:

When you create a certificate signing request, you must fill below kind of information in your server.

Information Description Examples
Common Name It is a fully qualified domain name (FQDN) of the web server. The name should be matched with the name you enter in the browser otherwise; the browser will show a name mismatch error. www.example.com
shop.example.com
*.example.com
Organization It is a full name of your organization that should include the suffix like. LTD, .Corp, Inc, LLC. Abbreviated names are not allowed. BusinessName LLC
Department It represents organization’s unit that handles the certificate. IT Department
City/Locality Mention the name of a city where your organization is placed. Forest Hills
State/County/Region Mention the name of the state or region where your organization is placed. New York
Country Mention the ISO code for the country where your organization is placed. US
Email address Provide a valid email address of an organization for the purpose of contact. admin@example.com
Public Key The public key will be used to sign the certificate. Created automatically

Recommended Key Size:

Currently, the bit size of CSR is 2048-bit, which seems strong against potential attack.

How will you generate the CSR?

The CSR, as well as the private key, should be generated on the same server that is going to use the certificate. The generation of CSR depends on the server type like Apple, Java, Plesk, Microsoft IIS versions, Tomcat, etc. The CSR, as well as the private key, should be generated on the same server that is going to use the certificate. The generation of CSR depends on the server type like Apple, Java, Plesk, Microsoft IIS versions, Tomcat, etc. You should follow step-by-step instructions to generate CSR on your server.

Format of the Certificate Signing Request:

CSR is based on Base-64 encoded PEM format, including “—–BEGIN CERTIFICATE REQUEST—–” and “—–END CERTIFICATE REQUEST—–” lines. Once Certificate Signing Request generated on your server then open it in text editor, which appears below example:

CSR - certificate signing request

What does the CA (Certificate Authority) do with the CSR?

The certificate authority verifies the CSR, residing in the requesting list. If the request is valid and fulfills all the policies defined by the certificate authority, then they will issue the certificate.