What is a Certificate Signing Request (CSR)?

A CSR (Certificate Signing Request) is a small, base64 encoded text file containing information about the organization and the domain you wish to secure. It is required for the activation of a digital SSL certificate and, as a rule, is generated on the server where the certificate is to be installed. A CSR is submitted to the Certificate Authority and used to generate the certificate.

The Certificate Signing Request should have the following information:

  • Common name (CN)

    Primary domain of the certificate, the fully qualified domain name for which the SSL will be activated (e.g. example.com). For Wildcard certificates, the domain name should be represented with an asterisk in front (e.g. *.example.com).

  • Locality (L)

    The city where the company or applicant is located (e.g. Los Angeles). This parameter should not be abbreviated.

  • State (S)

    The state, county or region the company or applicant is located in (e.g. California).

  • Country (C)

    The two-letter code of the country where the company or applicant is located (e.g. US).

  • Organization (O)

    The officially registered name of the organization that applies for a certificate (e.g. Namecheap Inc.). For Organization and Extended Validation certificates, Certificate Authorities will be verifying the submitted organization. For Domain Validation SSLs, this field is not critical and the details will not be listed on the issued certificate, however it should be filled in.

  • Organization Unit (OU)

    The name of the department or division within the submitted organization (e.g. SSL Support).

  • Email Address

    An email address of the company or the applicant. This field is optional.

The CSR code can contain SAN (Subject Alternative Name) fields in it, which can be used for additional domains you would like to include into a multi-domain certificate. Some web servers and CSR-code generators might have SAN fields included for CSR generation. You can use those fields if you are sure about the domains and the number you would like to secure. You are not obligated to fill in SAN fields during CSR-code generation. If the CSR code is generated with SAN fields, our system will try to fetch them automatically to the corresponding boxes for additional domains when activating a Multi-domain certificate. If the CSR was generated for the primary domain only, additional domains should be filled in manually during the activation.

The CSR code also contains the public key that will be included into your certificate. The encryption of data by SSL certificates is based on using two keys – public and private. Public key (embedded into the CSR code and into the issued certificate) is used to encrypt data prior to sending it to the server where the certificate has been installed. It is sent to every Internet user who submits information at a site secured by the certificate. CSR code is generated along with the private key. Private key (RSA key) is necessary to decrypt data that has been encrypted using a public key. Only the server that has an RSA key is able to decrypt data. This makes data transmission via SSL secure and safe. Private key should not be revealed to any third-parties, as this may compromise the certificate. If the private key was lost or compromised, the certificate should be reissued with a new CSR code generated along with a new RSA key, and the initial certificate revoked to avoid any possible security issues.

Also, the CSR contains the information about the type of the key and key length. The most common and frequently used key type is RSA. However, there is an opportunity to submit a CSR codes with ECDSA keys for the certificate activation.

The minimum possible key size for RSA keys is 2048 bits. It is considered strong and there is no critical need to make the private key stronger. However, COMODO certificates can be also activated with 4096 and 8192 bits key size. Remember that not all devices can support strong keys!

CSR is a Base-64 code that starts with the header -----BEGIN CERTIFICATE REQUEST----- and ends with a footer -----END CERTIFICATE REQUEST----- (CSR codes generated on Windows Servers will have tags -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----). When activating the certificate, please copy the CSR code including both header and footer into the activation page.

Related FAQ

  • How to Set Up Free Email Forwarding at Namecheap?

    In order to set up Email Forwarding for your domain, please do the following:Sign into your Namecheap accountSelect Domain List from the left sidebar and click on the Manage button next to your domainNavigate to the Advanced DNS tab at the top of the pageFind the Mail Settings …

  • How does WhoisGuard Work?

    When you enable WhoisGuard service for a domain, it puts WhoisGuard protected information to the public instead of your contact details to protect you from potential spam and even identity theft.Your personal email address will be replaced with a unique WhoisGuard one (e.g., 47…

  • How to Set Up a URL Redirect for a Domain?

    To set up a URL redirect, follow these steps:Sign into your Namecheap accountSelect Domain List from the left side menuClick the Manage button next to your domainNavigate to the Advanced DNS tabClick the Add New Record button in the Host Records sectionSelect URL Redirect Recor…

Hot Promotions From Namecheap

  1. SaleStart at $9.00

    Protect Your Business With SSL Certificate, Start at $9.00/year

  2. SaleStart at $0.88

    Domains Starting at $0.88 with Free WhoisGuard

  3. Coupon40% Off

    40% Off VPS Hosting & Reseller Hosting

  4. SaleStart at $9.88

    $9.88/year for Shared Hosting, Best Choice for Beginner

  5. Coupon10% Off

    Up to 10% Off .COM / .NET / .ORG / .BIZ Domain Registrations and Transfers

Recent Added Stores

DoctorInSole Promo Codes Monster Promo Codes Axos Bank Promo Codes HostMetro Promo Codes Codecademy Promo Codes The Cisco Learning Network Store Promo Codes Edureka Promo Codes FutureLearn Promo Codes Ultra Services Promo Codes

Return to Dacoz.com Get Latest Namecheap Promo Codes

Featured Stores Picked by Dacoz

View More Stores