IntroductionA certificate signing request (CSR) is a message sent to a certificate authority to request the signing of a public key and associated information. Most commonly a CSR will be in a PKCS10 format. The contents of a CSR comprises a public key, as well as a common name, organization, city, state, country, and e-mail. Not all of these fields are required and will vary depending with the assurance level of your certificate. Together these fields make up the to be signed certificate sequence.
The CSR is signed by the applicant's private key; this proves to the CA that the applicant has control of the private key that corresponds to the public key included in the CSR. Once the requested information in a CSR passes a vetting process and domain control is established, the CA may sign the applicant's public key so that it can be publicly trusted.
Before you can order an SSL Certificate, you will need to generate a CSR. The process for generating a CSR varies from platform to platform. Some will use a command line, others will walk through a GUI-based wizard.
For DomainSSL and OrganizationSSL certificates, GlobalSign offers an AutoCSR option which will automate this process.
Resources for Generating CSRs:
- Exchange 2010
- IIS 7/8
- IIS 5/6
- Java Keytool (Tomcat & other Java-based servers)
- OpenSSL (Use for Apache & NGINX)