All GeoTrust SSL CertificatesAbout the CSR
The Certificate Signing Request (CSR) is a small, encrypted text file. The CSR contains all the necessary information needed by a Certificate Authority (CA), such as GeoTrust, to generate and issue a new SSL certificate. Simply put, the CSR is the first and most important step in applying for an SSL certificate. You can't get one without it.
Below is an example of what your CSR will look like. This
is a example only and cannot be used to generate your SSL certificate.
-----BEGIN CERTIFICATE REQUEST-----
MIIB3zCCAUgCAQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdHZW9yZ2lhMRAw
DgYDVQQHEwdBdGxhbnRhMREwDwYDVQQKEwhHZW9DZXJ0czEaMBgGA1UECxMRSW5l
cm5ldCBNYXJrZXRpbmcxGTAXBgNVBAMTEHd3dy5nZW9jZXJ0cy5jb20xITAfBgkq
hkiG9w0BCQEWEmFkbWluQGdlb2NlcnRzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA5KOi+RnRzBuBQeFYjrwZg1sfT7zr4L8j0Khuoj621x+lGBmFC76c
kGclUIQBmuyp9T9NrNqAjGtEmgdFr6cWLJtgXgi+BaZDLX9BMYF49NuTggNoEUMX
crQRAENHb2YthG2SEcF5p98RNcDPzWOA3a4AMvgkxDlDGYUhbcQhnt0CAwEAAaAA
MA0GCSqGSIb3DQEBBAUAA4GBAIapt6Tw0BTYUwEAX0/oKvaaN/ghErR85jdW7xOD
b1hL0yNfb495A7e/IQyBEP5a/v+QUOtibHS4geiPhH9etAI+DSQmctjbf6dMGJql
gCXGwlsTbjPOSmNT+/X2Uvf1BlplwqAMDghEuFHsjshlypz1NEg94ri2K9N1VrBs
+iAv
-----END CERTIFICATE REQUEST-----
The CSR is typically generated by the web server software on the server where your site is hosted. In most cases the CSR can be generated by you if you have access to your server via a web interface "control panel" or command-line. In other cases your hosting provider may need to help you. How you generate the CSR depends on the brand of web server software your site is hosted on. The most popular are Apache and Windows.
When the Web Server generates the CSR it is actually generating a Private and Public Key pair. The private key is kept secret and the public key is bundled into the CSR. The CSR is digitally signed by the private key which proves to the CA that the Web Server has possession of the private key (called “proof of possession”). Your site's domain name, your business/organization's legal name, city, state, and country are also part of the CSR.
When generating a CSR you will be asked to supply specific information about your web site and about your business/organization. The table below lists all of the fields in a CSR, an explanation of each field, and examples. When creating a CSR you must follow these conventions. The following characters cannot be accepted: < > ~ ! @ # $ % ^ / \ ( ) ? , &
| Field | Explanation | Example |
|---|---|---|
| Common Name (CN) (host name, FQDN, etc.) |
The fully qualified domain name for your web server. This must be an exact match. | If you intend to secure the URL https://www.domain.com,
then your CSR's common name must be "www.domain.com". For https://secure.domain.com it must be "secure.domain.com". For just https://domain.com it must be just "domain.com". For https://owa.mailserver.net it must be "owa.mailserver.net". A Wildcard for https://sub.primary-domain.com must be "*.primary-domain.com". The asterisk must be included for Wildcard CSR's. |
| Organization (O) | The exact legal name of your organization. Do not abbreviate your organization name. | Metro Realty LLC or Flowers by Jenny |
| Organizational Unit (OU) | Section of the organization | Sales Division or IT or Marketing |
| City or Locality (L) | The city where your organization is legally located. Cannot be abbreviated. | Boston |
| State (S) or Province | The state or province where your organization is legally located. Cannot be abbreviated. | Massachusetts |
| Country (C) | The two-letter ISO abbreviation for your country. | US, CA, GB, (must be two-letters) |
| Any email address. This field is arbitrary but must be filled in. GeoTrust will not use this email address to process your order. | user@domain.com | |
| Key Bit Length | The key bit length has to do with the initial key exchange, not the encryption strength of your certificate. | GeoTrust recommends a key bit length of at least 1024 |
bitscan™