What is CSR (Certificate Signing Request)? How to Generate a CSR?

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)

Here’s everything you wanted to know about Certificate Signing Request (CSR)

CSR is an abbreviation for Certificate Signing Request, a very fundamental part of Public Key Infrastructure (PKI). As implied in the name itself, a CSR is a request – a request to a certificate authority to sign a digital certificate. In simple terms, it’s an application form to initiate your certification process.

As we all know, digital certificates such as SSL/TLS certificates vouch for the identity of the party that they have been issued to. In hindsight, it’s not the certificate, but the certificate authority (CA) behind the certificate that acts as a witness and vouchers for your credibility. To do that, the CA first must confirm that you are who you say you are and validate your information through different methods set by the CAB forum. That’s where the CSR comes in.

A CSR contains information such as Common Name, Organization Name, Organization Unit etcetera. A CSR will also have your Public Key. You must fill out these details carefully while generating your CSR as these details will be used to generate your certificate and verify your identity and legitimacy. One small mistake and you’d have to do it all over again.

When you generate a CSR, your key pair – Private Key and Public Key – is also generated. Of course, the Private Key will not be used by the CA, but your Public Key is included in the CSR.

Let’s understand the nuts and bolts of CSR.

CSR Generation

What’s there in a CSR?

A CSR contains the following things:

Common Name:

Don’t get confused by its name. It’s nothing but the Fully Qualified Domain Name (FQDN) of your web server. FQDN is the name you enter in your browser (with or without www). Your Common Name MUST be the same as that name. If not, there will be a mismatch error and that’s not good, Bob.

Organization Name:

This should be the legally registered name of your organization. If you have any suffixes such as LLC., Inc., and Corp, you must also include them. In the case of the DV certificate, just enter your name.

Organization Unit:

Division of your organization handling the certificate (i.e., IT department).


Here, you should enter the city in which you are located.

State or Province:

The State/Province where you or your organization is located.


Select the country where you or your organization is located.


The E-mail address where certificate files will be sent. It must be of your organization if you want OV or EV SSL.

Apart from these, there’s an option to select the Root Length and Signature Algorithm. Keep them as default if you don’t have any particular requirement.

How exactly a CSR looks like?

Prepare to be disappointed because a CSR looks nothing like you’d have expected. It’s basically a string of alphabets, numbers, and symbols that looks like a message from an alien species. Here’s how it looks like:


Disappointed? Of course, you are.

How can I generate a CSR?

While other certificate providers tell you to type in dull and boring OpenSSL commands, we have developed an awesome, automatic, and user-friendly tool that will help you generate your CSR in no time. And you know what the best part is? It’s FREE for everyone. So, what are you waiting for? Head straight to our CSR Generation tool and generate your CSR.

And in case you want to decode your CSR, we’ve got a tool for that, too!

Aren’t we just awesome?

What to do with your CSR?

Once your CSR is generated, you MUST copy and paste it into a text editor (i.e., Notepad) and save it for your future requirements.