Log In
Register
SSL Brands
Sectigo SSL Certificates
RapidSSL Certificates
Thawte SSL Certificates
GeoTrust SSL Certificates
DigiCert SSL Certificates
SSL Certificates
Single Domain Certificates
SSL Tools
CSR Generator
CSR Decoder
SSL Certificate Decoder
SSL Certificate Checker
SSL / Key Matcher
Contact
How to Generate a CSR
How to Generate a CSRA Certificate Signing Request (CSR) is a file that contains your public key and identifying information about your organization. You submit the CSR to a Certificate Authority (CA) when purchasing an SSL certificate, and they use it to create your SSL certificate.
What Information You Need
Before generating a CSR, gather the following information:
Common Name (CN). The fully qualified domain name (FQDN) for your website, like www.example.com or example.com.
Organization Name. Your company’s legal name exactly as it appears in official documents.
Organizational Unit. Your department name (optional), such as “IT Department” or “Web Security.”
City/Locality. The city where your organization is located.
State/Province. The full name of your state or province (not abbreviated).
Country Code. Two-letter ISO country code, such as “US” for United States or “GB” for United Kingdom.
Email Address. A valid contact email address for certificate management.
Online CSR Generation Tools
For users who cannot access server command lines or need a simpler solution:
SSL Certificate Signing Request Generator. Use our free online CSR/KEY tool for easy, browser-based CSR generation without requiring Java or special software.
How to Generate a CSR on your server
Most web servers and hosting control panels include built-in CSR generation tools:
cPanel/WHM. Navigate to SSL/TLS section and select “Generate, view, or delete SSL certificate signing requests.”
Apache (Command Line). Use OpenSSL command: openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Windows IIS. Use the Internet Information Services (IIS) Manager to request a certificate through the Server Certificates feature.
Nginx. Generate using OpenSSL with similar commands to Apache, then configure the certificate files in your Nginx configuration.
Important CSR Requirements
Key Length. Use at least 2048-bit RSA keys. Many CAs now require 2048-bit minimum, and some support 4096-bit for enhanced security.
Character Encoding. Ensure all information uses standard ASCII characters. Avoid special characters, accents, or symbols that may cause processing issues.
Accuracy. Double-check all information for accuracy. Errors in the CSR may require reissuing the certificate or cause validation delays.
What Happens After Generation
Private Key Protection. The CSR generation process creates both a CSR file and a private key file. Keep the private key secure and never share it.
CSR Submission. Submit the CSR content to your link received after you paid the order.
Certificate Installation. Once issued, you’ll install the SSL certificate on your server using the corresponding private key and CA bundle files.
Common CSR Formats
PEM Format. Most common format, contains text starting with “—–BEGIN CERTIFICATE REQUEST—–” and ending with “—–END CERTIFICATE REQUEST—–.”
DER Format. Binary format that some systems use, though less common than PEM format.
Base64. Text encoding that’s readable and can be copied and pasted into certificate order forms.
Troubleshooting CSR Issues
Invalid Characters. Remove any special characters, symbols, or non-ASCII characters from organization information.
Key Mismatch. Ensure you’re using the correct private key that corresponds to your CSR when installing the certificate.
Missing Information. Some certificate types require all fields to be completed, while others allow certain fields to be left blank.
For organizations needing a quick, reliable CSR generation solution without server access, the online CSR generator at https://mysslpro.com/tools/ssl-certificate-signing-request-generator provides an efficient alternative that works in any web browser without additional software requirements.