Support Desk

What is a Certificate Signing Request (CSR)

A Certificate Signing Request (also CSR or certification request) is special  file that you provide to a Certification Authority (CA), such as GeoTrust, Symantec and Comodo. It's used by the CA to generate, sign and  issue a new SSL server certificate.

How do I Create a CSR?

CSR's are usually generated directly on the server where you plan to host a secure website or application. Most  servers come with the software libraries needed to generate private keys and CSRs. An example would be OpenSSL which nowadays comes pre-installed on most Linux distributions.

What's in a CSR?

The CSR contains all the necessary information needed by the CA to authenticate your organization such as your domain name, business name and location.

When generating your CSR you will be asked for input. Below are some common fields with descriptions and examples.

Common name: The fully-qualified domain name (FQDN) (e.g., or * for wildcard certs). Organization Name: Your company’s legally registered name (e.g., YourCompany, Inc.). Organizational Unit Name: The name of your department within the organization. Examples: "IT", "Web Sales", or simply leave blank. Locality Name:
The city where your company is legally located. State or Province Name
The state/province where your company is legally located. Do not abbreviate. (e.g., California) Country Name (2 letter code): Two uppercase letters only (United Kingdom, use GB not UK). The country where your company is legally located. Key Bit Length/Size
Select a key size of 2048 bits (1024 bits is no longer supported)

The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &

What Does a CSR Look Like?

Below is an example of what your CSR will look like when opened in a simple text editor (e.g, Notepad, TextEdit).


Additional Resources

How-to generate a CSR for popular web servers.
Learn more about the CSR at Wikipedia .