An SSL Certificate Signing Request (CSR) is a digital document sent to a Certificate Authority (CA) to request an SSL (Secure Sockets Layer) Certificate for a website. This request contains details about the business looking to obtain one to enable encrypted data transfers between visitors’ browsers and a website’s server.

Components of an SSL Certificate Signing Request – CSR

A SSL Certificate CSR contains the details of the organisation that needs to be authenticated and verified by the CA to issue the SSL certificate. This includes:

• Common Name (CN): This refers to the Fully Qualified Domain Name (FQDN) for which the certificate is requested, usually a website’s primary domain.
• Organisation (O): Represents the legal name of the organisation applying the certificate.
• Organisational Unit (OU): The specific unit or department within the organisation associated with the certificate.
• Locality (L): Indicates the city or location of the organization.
• State or Province (ST): Specifies the state or province where the organisation is located.
• Country (C): Represents the two-letter country code of the organisation.
• Public Key: The public key generated on the server where the certificate will be installed. This is paired with a private key to enable secure communication through encryption.
• Key Usage: This provides information on how the key pair (public and private) will be used, such as for digital signatures, key encipherment, or both.

Generating a Certificate Signing Request

Creating a Certificate Signing Request (CSR) involves several steps and may vary slightly depending on the server software or tools you are using. However, the basic principles are, for the most part, the same.

The first and most important step is generating a private key. This key is essential for encrypting and decrypting data. The private key is generated on the server where the SSL certificate will be installed.

After generating the private key, you can then create the CSR. This file includes the public key, which pairs with the private key, and details about your business and domain.

It’s important to note the private key and CSR are generated together; the private key remains on your server while the CSR is sent to the CA. It’s vital that it remains secure and is never shared.

There are various tools and methods you can use to generate a CSR:

• OpenSSL: This common command-line tool used on Linux and Unix systems allows you to generate both the private key and the CSR.  
• Web Server Software: Web servers like Apache and IIS have built-in tools or wizards to help generate CSRs.
• Control Panels: Web hosting control panels like cPanel provide user-friendly interfaces for creating CSRs.  
• Online Generators: While available, using online tools to generate your CSR can potentially expose you to security risks, so exercise caution when using them.

Additional Information

Obtaining an SSL/TLS certificate 

Acquiring an SSL/TLS certificate begins with generating a Certificate Signing Request on the server where the certificate will be installed. Once created, the CSR is forwarded to a Certificate Authority for validation. The CA uses the information in the CSR to verify your identity and domain ownership.

Once the details in the CSR have been verified, the CA issues a digital certificate that links the business’s information to a public key. From there, the digital certificate is installed on the server, allowing for encrypted communication between the server and visitors’ browsers.

Generating a SSL CSR for a Wildcard Certificate

When generating a CSR for a Wildcard certificate for multiple subdomains, include an asterisk (*) at the start of the common name, like example.com. This allows the wildcard character () to denote any name lacking a dot character. After generating your CSR, copy and paste it into the designated section of the online order form during SSL certificate configuration.