Certificate Signing Request (CSR) - Overview

Introduction

A certificate signing request (CSR) is a message sent to a certificate authority to request the signing of a public key and associated information. Most commonly a CSR will be in a PKCS10 format. The contents of a CSR comprises a public key, as well as a common name, organization, city, state, country, and e-mail. Not all of these fields are required and will vary depending with the assurance level of your certificate. Together these fields make up the Certificate Signing Request (CSR). 

The CSR is signed by the applicant's private key; this proves to the CA that the applicant has control of the private key that corresponds to the public key included in the CSR. Once the requested information in a CSR passes a vetting process and domain control is established, the CA may sign the applicant's public key so that it can be publicly trusted. 

Before you can order an SSL Certificate, you will need to generate a CSR. The process for generating a CSR varies from platform to platform. Some will use a command line, others will walk through a GUI-based wizard.

Resources for Generating CSRs:

cPanel

Exchange 2007

Exchange 2010

Azure Key Vault

(IIS) 5 & 6

IIS 7/8

Java Keytool (Tomcat & other Java-based servers)

OpenSSL (Use for Apache & NGINX)

SonicWall

Plesk

Lotus Domino 8.5

Oracle Wallet Manager

Cisco ASA 5500

Windows Server 2008+

 

Certificate Signing Request (CSR) Example:

-----BEGIN CERTIFICATE REQUEST-----
MIICwjCCAaoCAQAwfTELMAkGA1UEBhMCVUsxFzAVBgNVBAMMDmdsb2JhbHNpZ24u
Y29tMRIwEAYDVQQHDAlNYWlkc3RvbmUxGzAZBgNVBAoMEkdNTyBHbG9iYWxTaWdu
IEx0ZDENMAsGA1UECAwES2VudDEVMBMGA1UECwwMS2VpciBUZXN0aW5nMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYEz3F49JI+J/13Xr+uH+Bb89sav
PaXKjkzwUu0w6MU/MATRT9iqdBJ5ifecTZvlr/KUorFnRTBmBOXCi7n8xKOIhgsP
MTNUnr0wGPeJnU0PfrO67ylPKDIOKTXjcpm9g2kLRu/xbkxnBWMwezwOMJd4DzzZ
RZg4byIXv+lRTMCqUy+yHNJsVj4SUmi9X7gUyCK7X4THR/ez0XChoYOIJXFdceIn
RLFpXN0a68pOHTsZV3I+dD56Zt20EMtmLooovJxEnmXBHdgHx8QjjsG5W1wLZmaR
yMHc1/ZufH9XuOnoH+KikKegqc9VOaW7iC9TLStt/KH2hOi1mIwoWwedcQIDAQAB
oAAwDQYJKoZIhvcNAQELBQADggEBAA8CVf+d4p+Tpsr0mKkfD8LrSwYgTF39CGNs
vUDopzbnrrSR6CKT2nqGDLkXVSsjeCv0mi0v54XWsYexffvjgQ97twfDvwStp4vA
LfQ7arDMDwqwQ0af1MvI9Qu8z/Wci7l0XnBfx2jj9ojC/Pu2BIx1t3e9MAOoZaTW
raDibu+fN1DypQXmuWJjIr0O1qHogNaheRnHgT7eJ38I6V43QI94rq95rEJM80QH
oh8T+0tAIUxz8ZlxiIhHl+EPlGpnez+fNiTo23lwqriicRW1eRMT3uNJqfLjmzaj
ndn3KyCF2E/0Him9FCG1cAsIjTEjIzqmdzqr/ffm9AUXlaPOtT4=
-----END CERTIFICATE REQUEST-----

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Please click the button below to log in or sign up.

Log In - Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.