A Certificate Signing Request (also CSR or certification request) is special file that you provide to a Certification Authority (CA), such as GeoTrust, Symantec and Comodo. It's used by the CA to generate, sign and issue a new SSL server certificate.
CSR's are usually generated directly on the server where you plan to host a secure website or application. Most servers come with the software libraries needed to generate private keys and CSRs. An example would be OpenSSL which nowadays comes pre-installed on most Linux distributions.
The CSR contains all the necessary information needed by the CA to authenticate your organization such as your domain name, business name and location.
When generating your CSR you will be asked for input. Below are some common fields with descriptions and examples.
|Common name:||The fully-qualified domain name (FQDN) (e.g., www.example.com or *.example.com for wildcard certs).|
|Organization Name:||Your company’s legally registered name (e.g., YourCompany, Inc.).|
|Organizational Unit Name:||The name of your department within the organization. Examples: "IT", "Web Sales", or simply leave blank.|
||The city where your company is legally located.|
|State or Province Name
||The state/province where your company is legally located. Do not abbreviate. (e.g., California)|
|Country Name (2 letter code):||Two uppercase letters only (United Kingdom, use GB not UK). The country where your company is legally located.|
|Key Bit Length/Size
||Select a key size of 2048 bits (1024 bits is no longer supported)|
The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
Below is an example of what your CSR will look like when opened in a simple text editor (e.g, Notepad, TextEdit).
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Please contact our support team if you have any additional problems or questions.