CSR Generation Tutorials

All Business Validation Certificate Authorities Changes Code Signing Configuration CPAC CSR Code CSR Decoder CSR Generation Tutorials CSR Generator DigiCert Domain Validation Extended Validation General Install SSL Certificates Installation IP Address LEI Multi Domain Payments Private Key Renewal S/MIME Types Updates Wildcard
How to Generate CSR for a Code Signing Certificate?

Starting June 1st, 2023, improved security measures mandate that private keys for standard code signing certificates be exclusively stored on FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent certified hardware. This change aligns with the stringent protection standards of EV code signing certificates. Consequently, Certificate Authorities (CAs) ceased supporting browser-based key generation, CSR creation, and installation processes. Instead, opting for the token+ shipment method when requesting the certificate will prompt the CA to create the CSR. Those preferring HSM installation must refer to the instructions below or the respective provider’s guidelines.

Learn more about code signing certificate delivery methods.

Copy Link

How to generate a CSR for a wildcard certificate?

When generating a CSR for a Wildcard SSL certificate, you must add an asterisk (*) in front of the domain name you want to secure. For example, you would enter *.yourdomain.com in the Common Name field.

Copy Link

How to generate a CSR from an existing certificate?

It’s not recommended to use an existing CSR when applying for a new SSL certificate, as re-using the same key over very long periods may compromise website security.

Copy Link

How to generate multi-level SSL CSR?

When you generate a CSR via an external tool such as a CSR generator, you should enter one single domain name or sub-domain. The rest of the domains or sub-domains, known as SANs (2nd, 3rd, 4th domains or sub-domains), should be included in the fields for additional domains. You will find the additional domain fields on the SSL Certificate configuration form.

If you generate the CSR with OpenSSL, you need to create a new file named req.conf and add more DNS entries. Here’s the command line to request the CSR:

openssl req -new -out request_name.csr -newkey rsa:2048 -nodes -sha256 -keyout request_name.key -config req.conf

Copy Link

What access is needed to generate CSR?

To generate the CSR on your server, you need access to your control panel or secure shell terminal. You can also create the CSR externally via a CSR generator tool directly from your browser.

Copy Link

What happens when you generate a CSR?

The system or platform on which you generate the CSR will create two text files. The file with the .csr extension will contain your CSR code, while the file with the .key extension will include your private key.

Copy Link

How long does it take to generate CSR?

The CSR generation itself is instant. The only time you’ll spend is filling in the required CSR fields with your contact information.

Copy Link

How often do I need to generate a CSR?

You must generate a CSR code every time you apply for a new certificate or are renewing your expiring cert. The CA uses the up-to-date data from your CSR to validate and issue your SSL certificate.

Copy Link

What is needed to generate a CSR?

To generate the CSR, you must have access to your server or use a third-party tool that will automatically create the CSR files after you submit the required data.

Copy Link

What information will I be asked to generate a CSR?

You must provide the following information:

  • Country Name
  • State or Province Name
  • Locality Name
  • Organization Name
  • Common Name (the FQDN -Fully Qualified Domain Name you want to secure)

Copy Link