A CSR or ‘Certificate Signing Request’ is a block of encrypted text sent from an applicant to the certificate authority in order to apply for and generate an SSL certificate or digital signing certificate. It is most commonly generated in a PKCS #10 format.
To generate an SSL certificate, a CSR is required. A CSR contains all of the information required and used in the generation of an SSL Certificate. This is why a CSR is provided to the certificate authority and is called a Certificate Signing Request.
How It Works? Public and Private Key.
During the generation of a Certificate Signing Request, a pair of keys is created. These are known as the Public and Private keys.
Although both of the keys are created in the process of generating a CSR, the Private key is generated and downloaded as a separate file and is to be kept private. The Private key is what connects to the SSL certificate and secures the connection.
This is unlike the Public key which is contained within the CSR. When an SSL certificate is generated, the Public key and all the information contained within the CSR is transferred into that SSL certificate. This is why an SSL certificate will only work with the Private key that was created along with the counterpart CSR. They are a pair and are both required to match in order to create a secure connection on a network. If you were to lose the Private key, the SSL certificate will not work.
Where Is My Private Key?
If you generated your Certificate Signing Request on your own server it will be located within the Private key directory. Alternatively if you created the Certificate Signing Request using a CSR generator it will be on the server/computer you used to do so. If it was automatically generated through the Trustico® order process, Trustico® will have a copy.
What Is Contained within a CSR.
- Country Code – The 2 letter ISO code for the country where the organization is based.
- State/Province – The state or province where the organization is based.
- Town/ City – The town or city where the organization is based.
- Company/ Organisation – The legally registered name for the organization.
- Organisation unit/ Company Division – The department of the organization dealing with the certificate. IT Department etc.
- Common Name – This is the Fully Qualified Domain Name that is to be secured.
- Email Address – The best email address to contact the organization with.
- Public Key – The public key that will go into the certificate.
How To Generate A CSR.
There are 3 main ways to generate a CSR for an SSL order.
- The CSR can be automatically generated by Trustico®. During the SSL ordering process there is the option to select ‘automatically generate CSR’. This will automatically generate from the information that you provide Trustico® while ordering and is then passed on directly to the Certificate authority. This is the recommended way to generate your CSR.
- You can create a CSR using the CSR Generator on the Trustico® website.
- The CSR can quite commonly be created on the server itself. This is sometimes required by the server in order to create an SSL that is valid for that particular server. This process is different for each server and you will need to research your particular server on how to do this.
How To Check Your CSR
You can quite easily decrypt a CSR to see what information is inside. You can also check the level of encryption and whether it is correctly formatted or it has any issues. You can do this by using the ‘CSR Decoder‘ tool on the Trustico® website. This can be quite helpful if a CSR is not being accepted or you would like to double check the contents before using.
Image: Wallpaperup.
‘What Is A Certificate Signing Request (CSR)’ is licensed under a Creative Commons Attribution 4.0 International License. You have permission to republish this article with attribution to the author and Blog.trustico.com.
