What is a Certificate Signing Request (CSR)?
What is a Certificate Signing Request (CSR)?
A Certificate Signing Request (CSR) is a file of encrypted text that you generate on your server. It acts as the formal application for your SSL certificate.
This file contains all the identifying details (like your domain name and company info) that a Certificate Authority (CA) needs to verify your identity. You send them the CSR, they validate your information, and then they use it to create and issue your unique certificate.
The Most Important Part: Your Private Key
When you generate a CSR, your server also creates a Private Key. This key is linked to your CSR, and you'll need it to install your certificate.
It Must Remain Secure: Your private key must stay secret and safe on your server. Never share it with anyone (not even us or the CA).
It Decrypts Your Data: This key is used to decrypt data encrypted by your SSL certificate.
If You Lose It, You Start Over: If your private key is lost or compromised, your SSL certificate is useless. You will have to generate a new key pair (and CSR) and have the certificate reissued.
When Do I Need to Generate a CSR?
You must generate a new CSR on your server when you:
Purchase a new SSL certificate.
Renew an expiring SSL certificate.
Reissue a certificate (for example, if you lost the private key or are changing domains).
What Information is in a CSR?
Your server will ask for these details when you generate the CSR. They must be accurate.
Field | Description |
|---|---|
Common Name (CN) | The fully qualified domain name (FQDN) you want to secure (e.g., |
Organization (O) | The legal name of your organization (e.g., |
Organizational Unit (OU) | The specific department (e.g., |
Locality (L) | The city where your organization is located (e.g., |
State/Province (ST) | The full name of the state or province (e.g., |
Country (C) | The two-letter ISO code for your country (e.g., |
Email Address | Contact email (e.g., webmaster@domain.com). |
Key Length | The bit-length of the key. 2048-bit is the current industry standard and minimum requirement. |
Signature Algorithm | The hashing algorithm. SHA-2 (like SHA-256) is the modern standard. |
What Does a CSR Look Like?
A CSR is a block of Base-64 encoded text. It's not meant to be human-readable. You'll need to copy and paste the entire block, including the header and footer, into the activation form.
-----BEGIN CERTIFICATE REQUEST-----
MIIDGDCCAgACAQAwgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
...
O8XAZ2bYTK4HQfPm+Fud22SD+DkSwt8vN8Lu2g==
-----END CERTIFICATE REQUEST-----How to Generate a CSR
The generation process is different for every server. For detailed, step-by-step instructions, please find the guide that matches your environment from our list below.
If you are using our Virtual Private Server Hosting or Dedicated Server Hosting and purchase an SSL through us, this process is often automated. The main exceptions are:
You purchased a Premium EV SSL from us.
You purchased an SSL certificate from another vendor.
If you need to generate a CSR on our hosting platform, see our step-by-step instructions for Plesk.
Don’t see your server?
If you aren't sure what server you're using or can't find your guide, your best bet is to contact your hosting or server provider directly. They can provide the exact steps you need.