The Certificate Signing Request (CSR) is a small, encrypted text file. The CSR contains all the necessary information needed by a Certificate Authority (CA) to generate and issue a new SSL certificate. Simply put, the CSR is the first and most important step in applying for an SSL certificate. You cant get one without it.
Below is an example of what your 2048-bit CSR will look like. This is a example only and cannot be used to generate your SSL certificate.
-----BEGIN CERTIFICATE REQUEST-----MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsxEDAOBgNVBAoTB0V4YW1wbGUxEDAOBgNVBAsTB0V4YW1wbGUxFDASBgNVBAMTC2V4YW1wbGUuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUjlAfFUjDqBHV18Avpfq3LJEmb9YWgPOYJMz05jFaRKS/UdUnW4u4512QMcq5Kqcj049glus9moU28SSQ9L9ZBnUHtsbMNM6E5+/XgaJW0bJofm5QWrVfsEsILkiWFexrWVM8/QGaZZ/SW+0e4p0azQPkT2C8L59ewykvNRN4I9rKMAAHRSpD/JqShzMtQj9tpm9QxKpLm6h4nIkNOqVPetkv0WljwhIVsETZIcSeOFDlHKojTHHFBLr8ACnOp4IylZMdVIqFcTA/fx6NJ9CSpt2EiGV4J4ky8+QT9Ed4NS9tTDUKxxph4N8URF5UzCvfJGZxvSYVse5l73olCJyQIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAJOnMCNMx6a+arZAiLrThXjndfFDfFgQ0NzG1fA94wlzH4FoU4Q8nDf8e820Do4ad734Co63u9ZtUI6A+hVE0JQsv+p/vP4E+MKhvycnKZSQ56dkVKCDs05WMB5XhVZ6etFqKpvYBHWFOJPcZ9k3vMUywa2X086TKA6ZsqS2/kroUCjGcHIIHL2KHRhYIjSrCIwXiqN+dSV4EtccaxQVy48KCCB7DJ6/S7sVYT62we/WJnzlF+5YAjseojGUBsEBYfK4bd76l4wfHhJjVLSC1B0Uf4+B311Hf98NYJqLUnfDVfCpLZT+WngQz/OUi0X4crnNL9EV5g215bOuqN0wzJk=-----END CERTIFICATE REQUEST-----
The CSR is typically generated by the web server software on the server where your site is hosted. In most cases the CSR can be generated by you if you have access to your server via web interface control panel or command-line. How you generate the CSR depends on the brand of web server software your site is hosted on.
When the Web Server generates the CSR it is actually generating a Private and Public Key pair. The private key is kept secret and the public key is bundled into the CSR. The CSR is digitally signed by the private key which proves to the CA that the Web Server has possession of the private key (called proof of possession). Your sites domain name, your business/organizations legal name, city, state, and country are also part of the CSR.
You will be asked for several pieces of info which will be used by the Certificate Authority to create your new SSL certificate. These fields include the Common Name (aka domain, FQDN), organization, country, key bit length, etc. Use the CSR Legend in the right-hand column of this page to guide you when asked for this information. The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / ( ) ? , &
In order to verify the validity of your CSR, you can use the following tool to quickly decode your certficate request.
