A CSR (Certificate Signing Request) is required to generate an SSL Certificate. Specifically it contains all the information used to determine the exact Fully Qualified Domain Name that will be secured, and if necessary, the company details.
What is a CSR?
A CSR is a block of encrypted text sent from an applicant to the Certificate Authority to apply for and generate an SSL Certificate or Digital Signing Certificate.
What Is Contained within a CSR?
Country codes – The 2 letter ISO code for the country where the organization is based.
State/Province – The state or province where the organization is based.
Town/City – The town or city where the organization is based.
Company/Organisation – The legally registered name for the organization.
Organisation unit/ Company Division – The department of the organization dealing with the SSL Certificate. IT Department, Security Department etc.
Common Name – This is the Fully Qualified Domain Name (FQDN) that is to be secured.
Email Address – The best email address to contact the organization with.
Key Strength – The strength of RSA Bit encryption the SSL Certificate will be generated in. For instance, RSA 2048 Bit encryption which is the industry standard.
Digest Strength – The strength of SHA algorithm the SSL Certificate will be generated in. For instance, SHA256 which is the industry standard.
How To Generate A CSR
There are two main ways to generate a CSR for an SSL order.
The CSR can usually be created on the server itself. This is sometimes required by the server so the SSL Certificate is valid for that specific server. This process is different for each server type and you will need to consult your server manual or support service for how to do so.
Or, you can create a CSR using the CSR Generator on the Trustico® tools page. To do so, all information in the ‘What is Contained within a CSR?’ section of this article must be entered. The ‘Advanced Settings’ option, if ticked, allows you to select the key strength and SHA size used. The industry standard (RSA 2048 Bit encryption and SHA256 algorithm) are the default on the tool and thus the CSR and Private Key pair will be generated at those strengths if the Advanced Settings is left unselected. If your server can handle higher encryption than the industry standard, it is advisable to do so. If you are unsure, please leave the advanced settings as they are by default.
Things to note
When entering information in the fields, please ensure that all fields are filled. Trustico’s® CSR generation tool will not allow you to generate without all fields filled, however, many servers will allow you to do so. This is not recommended as the details are often important for validating certain types of SSL Certificate.
When entering your organization name, ensure that the full organization name is entered exactly as registered with the government, including any legal classifiers such as ‘Pty Ltd’ or ‘Limited’.
A Private Key is always generated alongside the CSR and is required for SSL Certificate installation. Upon generation, ensure that you save and store the Private Key in a secure directory where it will not be deleted or forgotten.
When using the CSR to place an SSL Certificate order, make sure that the entire CSR is copied and pasted into the ordering system, including ‘BEGIN CERTIFICATE REQUEST’ and ‘END CERTIFICATE REQUEST’ like in the example below: