Certificate Signing Request (CSR)
Digital Certificates are essential for securing online communication and protecting data. SSL/TLS Certificates, in particular, build user trust by securing websites and safeguarding personal and financial information.
While SSL Certificates are valuable in today's risky digital environment, obtaining the right one for your business can be confusing and frustrating. This often happens because of the large amount of information needed during the application process, especially when it comes to submitting a Certificate Signing Request (CSR).
Understanding CSRs and their significance will simplify the application process. We've provided some information on this page to help decipher what you need to know.
What Is A Certificate Signing Request (CSR)
A Certificate Signing Request (CSR) is a secure message that contains important details about the individual or organization wanting a digital certificate. It serves as a common way to send public keys to Certificate Authorities (CAs) in a coded file.
The CSR is essential in public key infrastructure (PKI) and acts as the initial step for requesting SSL Certificates.
CSR Requirements
When generating a CSR there are a few key elements which assist to identify the requestor :
Common Name (CN) identifies the organization. It refers to the Fully Qualified Domain Name (FQDN), which is the complete domain name. This indicates the precise position within the Domain Name System (DNS). The CN must match exactly what you enter in your web browser, or you might encounter a security error. Organization Name (O) is the official legal name of the company. It is different from the common name or FQDN and should include any corporate identifiers if applicable. In a Certificate Signing Request (CSR), the organization name should always be spelled out, never abbreviated. Organization Unit (OU) represents the division in charge of managing the SSL Certificate. Locality (L) includes the city where the organization is based. State or Province Name (ST) shows the state or province of the organization. Country (C) indicates the country where the organization is located. E-Mail Address linked to the SSL Certificate owner should always be provided. |
The CSR also contains information about the key type and its length. Common key types are RSA and DSA, each with its own benefits and drawbacks. RSA is often chosen for its speed in verification and encryption. DSA focuses on efficiency for verification and decryption using a different mathematical approach. When using RSA, a bit length of 2048 is recommended. The CA/Browser Forum establishes the basic requirements for key sizes currently in use.
When generating a CSR a Private Key will also be generated. It is the Private Key that will work with the SSL Certificate that will be issued. The Private Key must not be included in the CSR or shared with the Certificate Authority (CA)
The CSR is no longer required once the SSL Certificate has been issued.
How To Create / Generate
A CSR (Certificate Signing Request) is required to order an SSL Certificate. The CSR is generated from within your hosting control panel, web server software or server operating system software.
OpenSSL
OpenSSL is a free command line tool that helps users generate a Certificate Signing Request (CSR). Its open-source nature and simplicity make it a popular choice. Many people use it to create CSRs in Nginx and Apache web hosting setups. It is especially useful for creating Elliptic Curve Cryptography (ECC) Certificate Signing Requests. The following example of an OpenSSL single line command can be used to generate a new Certificate Signing Request :
When prompted, you can input details for the CSR, such as the location and fully qualified domain name (FQDN). Adding a passcode is optional but can enhance security. |
IIS Manager
A typical method is to use Microsoft’s Internet Information Services (IIS) Manager. Start by opening the Connections page in IIS Manager. Next, go to the Server Certificates menu, then click on the Actions page. Here, you will find the Distinguished Name Properties page. This page includes a Request Certificate tool where you can enter the Fully Qualified Domain Name (FQDN) and other necessary information. Be sure to check the bit length and the cryptographic provider as well. |
About Installation Support & Premium Installation
Due to the large amount of different web servers, control panels and uses for our products we do not offer dedicated installation support. However, feel free to Contact Us via our online e-mail or live chat service and we'll attempt to help to the best of our abilities if you are experiencing a technical problem.
We also offer a Premium Installation 🔗 service where we can help generate a CSR using your server or device during the installation of the SSL Certificate onto the server.
Visit our Premium Installation 🔗 service page for more information.
Compare RSA - DSA - ECC Encryption Algorithms
The main algorithms used when generating a new Certificate Signing Request (CSR) are RSA, DSA, and ECC, each with its own advantages in performance, speed, and security. More Information 🔗
Accepted CSR Country Codes
Below is a list of country codes which should be used when generating your CSR. Please refer to the codes below to ensure you have used the correct country code if you experience problems when submitting your CSR to our automated system.
AFGHANISTAN - AF
ALBANIA - AL
ALGERIA - DZ
AMERICAN SAMOA - AS
ANDORRA - AD
ANGOLA - AO
ANGUILLA - AI
ANTARCTICA - AQ
ANTIGUA AND BARBUDA - AG
ARGENTINA - AR
ARMENIA - AM
ARUBA - AW
AUSTRALIA - AU
AUSTRIA - AT
AZERBAIJAN - AZ
BAHAMAS - BS
BAHRAIN - BH
BANGLADESH - BD
BARBADOS - BB
BELARUS - BY
BELGIUM - BE
BELIZE - BZ
BENIN - BJ
BERMUDA - BM
BHUTAN - BT
BOLIVIA - BO
BOSNIA HERCEGOVINA - BA
BOTSWANA - BW
BOUVET ISLAND - BV
BRAZIL - BR
BRITISH IND. OCEAN TERRITORY - IO
BRUNEI DARUSSALAM - BN
BULGARIA - BG
BURKINA FASO - BF
BURUNDI - BI
BYELORUSSIAN SSR - BY
CAMBODIA - KH
CAMEROON - CM
CANADA - CA
CAPE VERDE - CV
CAYMAN ISLANDS - KY
CENTRAL AFRICAN REPUBLIC - CF
CHAD - TD
CHILE - CL
CHINA - CN
CHRISTMAS ISLAND - CX
COCOS (KEELING) ISLANDS - CC
COLOMBIA - CO
COMOROS - KM
CONGO - CG
COOK ISLANDS - CK
COSTA RICA - CR
COTE D'IVOIRE - CI
CROATIA - HR
CUBA - CU
CYPRUS - CY
CZECH REPUBLIC - CZ
CZECHOSLOVAKIA - CS
DENMARK - DK
DJIBOUTI - DJ
DOMINICA - DM
DOMINICAN REPUBLIC - DO
EAST TIMOR - TP
ECUADOR - EC
EGYPT - EG
EL SALVADOR - SV
ENGLAND - GB
EQUATORIAL GUINEA - GQ
ESTONIA - EE
ETHIOPIA - ET
FALKLAND ISLANDS - FK
FALKLAND ISLANDS (MALVINAS) - FK
FAROE ISLANDS - FO
FIJI - FJ
FINLAND - FI
FRANCE - FR
FRENCH GUIANA - GF
FRENCH POLYNESIA - PF
FRENCH SOUTHERN TERRITORIES - TF
GABON - GA
GAMBIA - GM
GEORGIA - GE
GERMANY - DE
GHANA - GH
GIBRALTAR - GI
GREAT BRITAIN - GB
ERITREA - ER
GREECE - GR
GREENLAND - GL
GRENADA - GD
GUADELOUPE - GP
GUAM - GU
GUATEMALA - GT
GUINEA - GN
GUINEA-BISSAU - GW
GUYANA - GY
HAITI - HT
HEARD AND MC DONALD ISLANDS - HM
HONDURAS - HN
HONG KONG - HK
HUNGARY - HU
ICELAND - IS
INDIA - IN
INDONESIA - ID
IRAN - IR
IRAN (ISLAMIC REPUBLIC OF) - IR
IRAQ - IQ
IRELAND - IE
ISRAEL - IL
ITALY - IT
JAMAICA - JM
JAPAN - JP
JORDAN - JO
KAZAKHSTAN - KZ
KENYA - KE
KIRIBATI - KI
KOREA - KR
KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF - KP
KUWAIT - KW
KYRGYZSTAN - KG
LAO PEOPLE'S DEMOCRATIC REPUBLIC - LA
LATVIA - LV
LEBANON - LB
LESOTHO - LS
LIBERIA - LR
LIBYAN ARAB JAMAHIRIYA - LY
LIECHTENSTEIN - LI
LITHUANIA - LT
LUXEMBOURG - LU
MACAU - MO
MACEDONIA - MK
MADAGASCAR - MG
MALAWI - MW
MALAYSIA - MY
MALDIVES - MV
MALI - ML
MALTA - MT
MARSHALL ISLANDS - MH
MARTINIQUE - MQ
MAURITANIA - MR
MAURITIUS - MU
MEXICO - MX
MICRONESIA - FM
MOLDOVA, REPUBLIC OF - MD
MONACO - MC
MONGOLIA - MN
MONTSERRAT - MS
MOROCCO - MA
MOZAMBIQUE - MZ
MYANMAR - MM
NAMIBIA - NA
NAURU - NR
NEPAL - NP
JERSEY - JE
NETHERLANDS ANTILLES - AN
NEUTRAL ZONE - NT
NEW CALEDONIA - NC
NEW ZEALAND - NZ
NICARAGUA - NI
NIGER - NE
NIGERIA - NG
NIUE - NU
NORFOLK ISLAND - NF
NORTHERN MARIANA ISLANDS - MP
NORWAY - NO
OMAN - OM
PAKISTAN - PK
PALAU - PW
PANAMA - PA
PAPUA NEW GUINEA - PG
PARAGUAY - PY
PERU - PE
PHILIPPINES - PH
PITCAIRN - PN
POLAND - PL
PORTUGAL - PT
GUERNSEY - GG
ISLE OF MAN - IM
MAYOTTE - YT
PUERTO RICO - PR
QATAR - QA
REUNION - RE
ROMANIA - RO
RUSSIAN FEDERATION - RU
RWANDA - RW
SAINT KITTS AND NEVIS - KN
SAINT LUCIA - LC
SAINT VINCENT AND THE GRENADINES - VC
SAMOA - WS
SAN MARINO - SM
SAO TOME AND PRINCIPE - ST
SAUDI ARABIA - SA
SENEGAL - SN
SEYCHELLES - SC
SIERRA LEONE - SL
SINGAPORE - SG
SLOVAKIA - SK
SLOVENIA - SI
SOLOMON ISLANDS - SB
SOMALIA - SO
SOUTH AFRICA - ZA
SPAIN - ES
SRI LANKA - LK
ST. HELENA - SH
ST. PIERRE AND MIQUELON - PM
SUDAN - SD
SURINAME - SR
SVALBARD AND JAN MAYEN ISL. - SJ
SWAZILAND - SZ
SWEDEN - SE
SWITZERLAND - CH
SYRIAN ARAB REPUBLIC - SY
TAIWAN - TW
THE DEMOCRATIC REPUBLIC OF THE CONGO - CD
TAJIKISTAN - TJ
TANZANIA, UNITED REPUBLIC OF - TZ
THAILAND - TH
TOGO - TG
TOKELAU - TK
TONGA - TO
TRINIDAD AND TOBAGO - TT
TUNISIA - TN
TURKEY - TR
TURKMENISTAN - TM
TURKS AND CAICOS ISLANDS - TC
TUVALU - TV
UGANDA - UG
UKRAINE - UA
UNITED ARAB EMIRATES - AE
UNITED KINGDOM - GB
UNITED STATES - US
UNITED STATES MINOR OUTLYING ISLANDS - UM
URUGUAY - UY
USSR - SU
UZBEKISTAN - UZ
VANUATU - VU
VENEZUELA - VE
VIET NAM - VN
VIRGIN ISLANDS (BRITISH) - VG
VIRGIN ISLANDS (U.S.) - VI
WALLIS AND FUTUNA ISLANDS - WF
WESTERN SAHARA - EH
YEMEN, REPUBLIC OF - YE
YUGOSLAVIA - YU
ZAIRE - ZR
ZAMBIA - ZM
ZIMBABWE - ZW
THE NETHERLANDS - NL
SOUTH GEORGIA AND
THE SOUTH SANDWICH ISLANDS - GS
VATICAN CITY STATE - VA
We Match Our Competitors Prices
We'd prefer not to lose your business, if you have found a cheaper price we'll ensure to welcome you as a customer of Trustico® by matching the price you have found elsewhere. Go ahead and place your order, we'll refund the difference when you advise us within 7 days.