How to generate a CSR

CSR (Certificate Signing Request) – literally translated as Certificate Signing Request. CSR request is generated every time you order SSL certificate. The CSR is an encrypted file that contains information about the domain for which the certificate is ordered and about the company that is ordering the certificate.

A CSR request can be generated in different ways:

The process of generating the CSR on the server differs depending on which web server you will use the certificate and generate the csr accordingly.

Please select the desired certificate provider to see detailed instructions on creating a CSR. If your server is not listed or you need more information, refer to the server documentation or contact your server provider.

Information that is specified in the CSR request

  • Common Name (CN): Domain – in this field you must specify the so-called FQDN (Fully Qualified Domain Name), or simply the domain to which you will install the SSL certificate. For example: www.mydomain.com or mydomain.com. In case you order a wildcard certificate, you must specify your domain in this field in the following way: *.mydomain.com where mydomain.com is your domain name, i.e. put * in front of the domain.
    For Comodo, Geotrust and RapidSSL certificates we recommend to specify the domain with www in the beginning: www.mydomain.com so you get protection for both variants of the domain with and without www. For Symantec certificates, the protection will only be for a single writing variant.
  • Organization Name (O): Organization – the legal name under which your organization is registered or the full name if the certificate is issued to an individual. person.
  • Organization Unit (OU): Unit – a department or subdivision of the organization for which the certificate will be issued, usually indicated by the IT department.
  • Locality (L): City – the full name of the city or town where the organization or individual is located. person.
  • State or Province Name (ST): Region or State – for example: Kievskaja Oblast
  • Country (C): Country – the two-letter country code according to ISO 3166-1, a complete list of codes can be viewed on wikipedia, for example: for Ukraine UA
  • Email Address: The email address of the company, you should be able to receive and respond to emails at this address when the certificate is issued.
  • Key size: 2048 or 4096 bits. The default key length selected is 2048 bits, today’s industry standard.
  • Hashing algorithm: SHA-1 or SHA-2. Today it is recommended to use SHA-2 as the most secure one and that is the option we have set by default.

Make sure you do not use invalid characters in any of the fields in the CSR. Invalid characters [! @ # $% ^ () ~? > <& / \,. “‘]
Check the country code field. For example, if you are in the UK, do not specify the country code when creating a CSR as “UK” – the correct code should be “GB”.
Make sure you have a header and footer in your CSR.

A CSR with a header and footer will look like this:
—– BEGIN CERTIFICATE REQUEST —–
encoded data
—– END CERTIFICATE REQUEST —–
Make sure there are 5 dashes on either side of the beginning and end of the certificate request. There should also be no spaces in the CSR.

Here’s how the CSR request looks like when ordering in our personal cabinet:

CSR

After you make a CSR request on the server or in our personal cabinet you will also receive your private key, which you should keep in a safe place, because it will be used to encrypt information and without it you will not be able to use SSL certificate.

Was this article helpful?

Related Articles

Need Support?

Can't find the answer you're looking for?
Contact Support