Digital Certificates are essential for securing online communication and protecting data. SSL/TLS Certificates, in particular, build user trust by securing websites and safeguarding personal and financial information.
While SSL Certificates are valuable in today's risky digital environment, obtaining the right one for your business can be confusing and frustrating. This often happens because of the large amount of information needed during the application process, especially when it comes to submitting a Certificate Signing Request (CSR).
Understanding Certificate Signing Requests (CSR) and their significance will simplify the application process. We have provided some information on this page to help decipher what you need to know.
What Is a Certificate Signing Request (CSR)
A Certificate Signing Request (CSR) is a secure message that contains important details about the individual or organization wanting a Digital Certificate. It serves as a common way to send public keys to Certificate Authorities (CA) in a coded file.
The Certificate Signing Request (CSR) is essential in Public Key Infrastructure (PKI) and acts as the initial step for requesting SSL Certificates.
Certificate Signing Request (CSR) Requirements
When generating a Certificate Signing Request (CSR) there are a few key elements which assist to identify the requestor.
Common Name (CN) identifies the organization. It refers to the Fully Qualified Domain Name (FQDN), which is the complete domain name. This indicates the precise position within the Domain Name System (DNS). The Common Name (CN) must match exactly what you enter in your web browser, or you might encounter a security error.
Organization Name (O) is the official legal name of the company. It is different from the Common Name (CN) or Fully Qualified Domain Name (FQDN) and should include any corporate identifiers if applicable. In a Certificate Signing Request (CSR), the Organization Name (O) should always be spelled out, never abbreviated.
Organization Unit (OU) represents the division in charge of managing the SSL Certificate.
Locality (L) includes the city where the organization is based.
State or Province Name (ST) shows the state or province of the organization.
Country (C) indicates the country where the organization is located.
E-Mail Address linked to the SSL Certificate owner should always be provided.
The Certificate Signing Request (CSR) also contains information about the key type and its length. Common key types are RSA and DSA, each with its own benefits and drawbacks. RSA is often chosen for its speed in verification and encryption. DSA focuses on efficiency for verification and decryption using a different mathematical approach. When using RSA, a bit length of 2048 is recommended. The CA/Browser Forum establishes the basic requirements for key sizes currently in use.
When generating a Certificate Signing Request (CSR) a Private Key will also be generated. It is the Private Key that will work with the SSL Certificate that will be issued. The Private Key must not be included in the Certificate Signing Request (CSR) or shared with the Certificate Authority (CA).
The Certificate Signing Request (CSR) is no longer required once the SSL Certificate has been issued.
How To Generate a Certificate Signing Request (CSR)
A Certificate Signing Request (CSR) is required to order an SSL Certificate. The Certificate Signing Request (CSR) is generated from within your hosting control panel, web server software or server operating system software.
Generate your Certificate Signing Request (CSR) and Private Key using our convenient online tool. Remember to store your generated files in a secure location. Generate Certificate Signing Request (CSR) Tool 🔗
Ordering Without a Certificate Signing Request (CSR)
If you do not have access to generate your own Certificate Signing Request (CSR), Trustico® may be able to assist by generating one on your behalf using our AutoCSR service.
This convenient option means you will not require technical knowledge to complete your SSL Certificate order.
When using AutoCSR, sensitive files are delivered in a password-protected archive with a time-limited unlock code available in your order details. Learn About AutoCSR File Unlock Code 🔗
OpenSSL
OpenSSL is a free command line tool that helps users generate a Certificate Signing Request (CSR). Its open-source nature and simplicity make it a popular choice. Many people use it to create Certificate Signing Requests (CSR) in Nginx and Apache web hosting setups. It is especially useful for creating Elliptic Curve Cryptography (ECC) Certificate Signing Requests (CSR).
The following example of an OpenSSL single line command can be used to generate a new Certificate Signing Request (CSR) :
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
When prompted, you can input details for the Certificate Signing Request (CSR), such as the location and Fully Qualified Domain Name (FQDN). Adding a passcode is optional but can enhance security.
Internet Information Services (IIS) Manager
A typical method is to use Microsoft Internet Information Services (IIS) Manager. Start by opening the Connections page in Internet Information Services (IIS) Manager. Next, go to the Server Certificates menu, then click on the Actions page.
Here, you will find the Distinguished Name Properties page. This page includes a Request Certificate tool where you can enter the Fully Qualified Domain Name (FQDN) and other necessary information. Be sure to check the bit length and the cryptographic provider as well.
About Installation Support & Premium Installation
Due to the large amount of different web servers, control panels and uses for our products we do not offer dedicated installation support. However, feel free to contact us via our online e-mail or live chat service and we will attempt to help to the best of our abilities if you are experiencing a technical problem.
Trustico® offers a Premium Installation 🔗 service where we can help generate a Certificate Signing Request (CSR) using your server or device during the installation of the SSL Certificate onto the server.
Visit our Premium Installation 🔗 service page for more information.
Compare RSA - DSA - ECC Encryption Algorithms
The main algorithms used when generating a new Certificate Signing Request (CSR) are RSA, DSA, and ECC, each with its own advantages in performance, speed, and security. Learn About RSA - DSA - ECC Encryption Algorithms 🔗
Accepted Certificate Signing Request (CSR) Country Codes
Below is a list of country codes which should be used when generating your Certificate Signing Request (CSR). Please refer to the codes below to ensure you have used the correct country code if you experience problems when submitting your Certificate Signing Request (CSR) to our automated system.
AFGHANISTAN - AF
ALBANIA - AL
ALGERIA - DZ
AMERICAN SAMOA - AS
ANDORRA - AD
ANGOLA - AO
ANGUILLA - AI
ANTARCTICA - AQ
ANTIGUA AND BARBUDA - AG
ARGENTINA - AR
ARMENIA - AM
ARUBA - AW
AUSTRALIA - AU
AUSTRIA - AT
AZERBAIJAN - AZ
BAHAMAS - BS
BAHRAIN - BH
BANGLADESH - BD
BARBADOS - BB
BELARUS - BY
BELGIUM - BE
BELIZE - BZ
BENIN - BJ
BERMUDA - BM
BHUTAN - BT
BOLIVIA - BO
BOSNIA HERCEGOVINA - BA
BOTSWANA - BW
BOUVET ISLAND - BV
BRAZIL - BR
BRITISH IND. OCEAN TERRITORY - IO
BRUNEI DARUSSALAM - BN
BULGARIA - BG
BURKINA FASO - BF
BURUNDI - BI
BYELORUSSIAN SSR - BY
CAMBODIA - KH
CAMEROON - CM
CANADA - CA
CAPE VERDE - CV
CAYMAN ISLANDS - KY
CENTRAL AFRICAN REPUBLIC - CF
CHAD - TD
CHILE - CL
CHINA - CN
CHRISTMAS ISLAND - CX
COCOS (KEELING) ISLANDS - CC
COLOMBIA - CO
COMOROS - KM
CONGO - CG
COOK ISLANDS - CK
COSTA RICA - CR
COTE D'IVOIRE - CI
CROATIA - HR
CUBA - CU
CYPRUS - CY
CZECH REPUBLIC - CZ
CZECHOSLOVAKIA - CS
DENMARK - DK
DJIBOUTI - DJ
DOMINICA - DM
DOMINICAN REPUBLIC - DO
EAST TIMOR - TP
ECUADOR - EC
EGYPT - EG
EL SALVADOR - SV
ENGLAND - GB
EQUATORIAL GUINEA - GQ
ESTONIA - EE
ETHIOPIA - ET
FALKLAND ISLANDS - FK
FALKLAND ISLANDS (MALVINAS) - FK
FAROE ISLANDS - FO
FIJI - FJ
FINLAND - FI
FRANCE - FR
FRENCH GUIANA - GF
FRENCH POLYNESIA - PF
FRENCH SOUTHERN TERRITORIES - TF
GABON - GA
GAMBIA - GM
GEORGIA - GE
GERMANY - DE
GHANA - GH
GIBRALTAR - GI
GREAT BRITAIN - GB
ERITREA - ER
GREECE - GR
GREENLAND - GL
GRENADA - GD
GUADELOUPE - GP
GUAM - GU
GUATEMALA - GT
GUINEA - GN
GUINEA-BISSAU - GW
GUYANA - GY
HAITI - HT
HEARD AND MC DONALD ISLANDS - HM
HONDURAS - HN
HONG KONG - HK
HUNGARY - HU
ICELAND - IS
INDIA - IN
INDONESIA - ID
IRAN - IR
IRAN (ISLAMIC REPUBLIC OF) - IR
IRAQ - IQ
IRELAND - IE
ISRAEL - IL
ITALY - IT
JAMAICA - JM
JAPAN - JP
JORDAN - JO
KAZAKHSTAN - KZ
KENYA - KE
KIRIBATI - KI
KOREA - KR
KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF - KP
KUWAIT - KW
KYRGYZSTAN - KG
LAO PEOPLE'S DEMOCRATIC REPUBLIC - LA
LATVIA - LV
LEBANON - LB
LESOTHO - LS
LIBERIA - LR
LIBYAN ARAB JAMAHIRIYA - LY
LIECHTENSTEIN - LI
LITHUANIA - LT
LUXEMBOURG - LU
MACAU - MO
MACEDONIA - MK
MADAGASCAR - MG
MALAWI - MW
MALAYSIA - MY
MALDIVES - MV
MALI - ML
MALTA - MT
MARSHALL ISLANDS - MH
MARTINIQUE - MQ
MAURITANIA - MR
MAURITIUS - MU
MEXICO - MX
MICRONESIA - FM
MOLDOVA, REPUBLIC OF - MD
MONACO - MC
MONGOLIA - MN
MONTSERRAT - MS
MOROCCO - MA
MOZAMBIQUE - MZ
MYANMAR - MM
NAMIBIA - NA
NAURU - NR
NEPAL - NP
JERSEY - JE
NETHERLANDS ANTILLES - AN
NEUTRAL ZONE - NT
NEW CALEDONIA - NC
NEW ZEALAND - NZ
NICARAGUA - NI
NIGER - NE
NIGERIA - NG
NIUE - NU
NORFOLK ISLAND - NF
NORTHERN MARIANA ISLANDS - MP
NORWAY - NO
OMAN - OM
PAKISTAN - PK
PALAU - PW
PANAMA - PA
PAPUA NEW GUINEA - PG
PARAGUAY - PY
PERU - PE
PHILIPPINES - PH
PITCAIRN - PN
POLAND - PL
PORTUGAL - PT
GUERNSEY - GG
ISLE OF MAN - IM
MAYOTTE - YT
PUERTO RICO - PR
QATAR - QA
REUNION - RE
ROMANIA - RO
RUSSIAN FEDERATION - RU
RWANDA - RW
SAINT KITTS AND NEVIS - KN
SAINT LUCIA - LC
SAINT VINCENT AND THE GRENADINES - VC
SAMOA - WS
SAN MARINO - SM
SAO TOME AND PRINCIPE - ST
SAUDI ARABIA - SA
SENEGAL - SN
SEYCHELLES - SC
SIERRA LEONE - SL
SINGAPORE - SG
SLOVAKIA - SK
SLOVENIA - SI
SOLOMON ISLANDS - SB
SOMALIA - SO
SOUTH AFRICA - ZA
SPAIN - ES
SRI LANKA - LK
ST. HELENA - SH
ST. PIERRE AND MIQUELON - PM
SUDAN - SD
SURINAME - SR
SVALBARD AND JAN MAYEN ISL. - SJ
SWAZILAND - SZ
SWEDEN - SE
SWITZERLAND - CH
SYRIAN ARAB REPUBLIC - SY
TAIWAN - TW
THE DEMOCRATIC REPUBLIC OF THE CONGO - CD
TAJIKISTAN - TJ
TANZANIA, UNITED REPUBLIC OF - TZ
THAILAND - TH
TOGO - TG
TOKELAU - TK
TONGA - TO
TRINIDAD AND TOBAGO - TT
TUNISIA - TN
TURKEY - TR
TURKMENISTAN - TM
TURKS AND CAICOS ISLANDS - TC
TUVALU - TV
UGANDA - UG
UKRAINE - UA
UNITED ARAB EMIRATES - AE
UNITED KINGDOM - GB
UNITED STATES - US
UNITED STATES MINOR OUTLYING ISLANDS - UM
URUGUAY - UY
USSR - SU
UZBEKISTAN - UZ
VANUATU - VU
VENEZUELA - VE
VIET NAM - VN
VIRGIN ISLANDS (BRITISH) - VG
VIRGIN ISLANDS (U.S.) - VI
WALLIS AND FUTUNA ISLANDS - WF
WESTERN SAHARA - EH
YEMEN, REPUBLIC OF - YE
YUGOSLAVIA - YU
ZAIRE - ZR
ZAMBIA - ZM
ZIMBABWE - ZW
THE NETHERLANDS - NL
SOUTH GEORGIA AND
THE SOUTH SANDWICH ISLANDS - GS
VATICAN CITY STATE - VA
