SSL2BUY Wiki
News, Information and Resources about SSL Certificates
Comodo
Sectigo
AlphaSSL
RapidSSL
GeoTrust
Thawte
GlobalSign
DigiCert
Symantec
Authorized Reseller

What is CSR? How to Create Certificate Signing Request?

CSR (Certificate Signing Request) will encrypt text that an applicant sends to the CA to validate for issuing an SSL certificate.

CSR represents Certificate Signing Request, an integral part of an SSL certificate and is an encrypted text that an applicant sends to the Certificate Authority (CA) to validate the information for issuing the certificate.

The certificate for which you have requested will only work with the private key generated with the CSR. The public key used in SSL certificate is also used to sign the CSR. Upon gathering CSR data, the CA creates a certificate.

CSR contains three fractions such as certificate information, a signature algorithm identifier, and a digital signature.

Content of CSR:

When you create a certificate signing request, you must fill below kind of information in your server.

Information Description Examples
Common Name It is a fully qualified domain name (FQDN) of the web server. The name should be matched with the name you enter in the browser otherwise; the browser will show a name mismatch error. www.example.com
shop.example.com
*.example.com
Organization It is a full name of your organization that should include the suffix like. LTD, .Corp, Inc, LLC. Abbreviated names are not allowed. BusinessName LLC
Department It represents organization’s unit that handles the certificate. IT Department
City/Locality Mention the name of a city where your organization is placed. Forest Hills
State/County/Region Mention the name of the state or region where your organization is placed. New York
Country Mention the ISO code for the country where your organization is placed. US
Email address Provide a valid email address of an organization for the purpose of contact. admin@example.com
Public Key The public key will be used to sign the certificate. Created automatically

Recommended Key Size:

Currently, the bit size of CSR is 2048-bit, which seems strong against potential attack.

How will you generate the CSR?

The CSR, as well as the private key, should be generated on the same server that is going to use the certificate. The generation of CSR depends on the server type like Apple, Java, Plesk, Microsoft IIS versions, Tomcat, etc. The CSR, as well as the private key, should be generated on the same server that is going to use the certificate. The generation of CSR depends on the server type like Apple, Java, Plesk, Microsoft IIS versions, Tomcat, etc. You should follow step-by-step instructions to generate CSR on your server.

Format of the Certificate Signing Request:

CSR is based on Base-64 encoded PEM format, including “—–BEGIN CERTIFICATE REQUEST—–” and “—–END CERTIFICATE REQUEST—–” lines. Once Certificate Signing Request generated on your server then open it in text editor, which appears below example:

CSR - certificate signing request

What does the CA (Certificate Authority) do with the CSR?

The certificate authority verifies the CSR, residing in the requesting list. If the request is valid and fulfills all the policies defined by the certificate authority, then they will issue the certificate.

About the Author

Ann-Anica Christian

Ann-Anica Christian has honed her linguistic prowess over 6+ years as a Content Creator specializing in SaaS and Digital eCommerce. With a Master's in Electronics Science, she navigates the complexities of technology, translating intricate concepts into accessible and engaging content. She bridges the gap between transformative software solutions and the customer-centric world of online commerce, portraying a digital ecosystem where businesses thrive through technological evolution and customer satisfaction.