Support Desk

What is a Certificate Signing Request (CSR)

A Certificate Signing Request (also CSR or certification request) is special  file that you provide to a Certification Authority (CA), such as GeoTrust, Symantec and Comodo. It's used by the CA to generate, sign and  issue a new SSL server certificate.

How do I Create a CSR?

CSR's are usually generated directly on the server where you plan to host a secure website or application. Most  servers come with the software libraries needed to generate private keys and CSRs. An example would be OpenSSL which nowadays comes pre-installed on most Linux distributions.

What's in a CSR?

The CSR contains all the necessary information needed by the CA to authenticate your organization such as your domain name, business name and location.

When generating your CSR you will be asked for input. Below are some common fields with descriptions and examples.

Common name: The fully-qualified domain name (FQDN) (e.g., www.example.com or *.example.com for wildcard certs). Organization Name: Your company’s legally registered name (e.g., YourCompany, Inc.). Organizational Unit Name: The name of your department within the organization. Examples: "IT", "Web Sales", or simply leave blank. Locality Name:
The city where your company is legally located. State or Province Name
The state/province where your company is legally located. Do not abbreviate. (e.g., California) Country Name (2 letter code): Two uppercase letters only (United Kingdom, use GB not UK). The country where your company is legally located. Key Bit Length/Size
Select a key size of 2048 bits (1024 bits is no longer supported)

The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &

What Does a CSR Look Like?

Below is an example of what your CSR will look like when opened in a simple text editor (e.g, Notepad, TextEdit).

-----BEGIN CERTIFICATE REQUEST-----
MIIB3zCCAUgCAQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdHZW9yZ2lhMRAw
DgYDVQQHEwdBdGxhbnRhMREwDwYDVQQKEwhHZW9DZXJ0czEaMBgGA1UECxMRSW5l
cm5ldCBNYXJrZXRpbmcxGTAXBgNVBAMTEHd3dy5nZW9jZXJ0cy5jb20xITAfBgkq
hkiG9w0BCQEWEmFkbWluQGdlb2NlcnRzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA5KOi+RnRzBuBQeFYjrwZg1sfT7zr4L8j0Khuoj621x+lGBmFC76c
kGclUIQBmuyp9T9NrNqAjGtEmgdFr6cWLJtgXgi+BaZDLX9BMYF49NuTggNoEUMX
crQRAENHb2YthG2SEcf5p98RNcDPzWOA3a4AMvgkxDlDGYUhbcQhnt0CAwEAAaAA
MA0GCSqGSIb3DQEBBAUAA4GBAIapt6Tw0BTYUwEAX0/oKvaaN/ghErR85jdW7xOD
b1hL0yNfb495A7e/IQyBEP5a/v+QUOtiblS4geiPhH9etAI+DSQmctjbf6dMGJql
gCXGwlsTbjPOSmNT+/X2Uvf1BlplwqAMDghEuFHsjshlypz1NEg94ri2K9N1VrBs
-iAv
-----END CERTIFICATE REQUEST-----

Additional Resources

How-to generate a CSR for popular web servers.
Learn more about the CSR at Wikipedia .