How to Generate a CSR for an SSL Certificate
When applying for an SSL certificate, you must create a CSR (Certificate Signing Request) and submit it to the Certificate Authority (CA) for validation. On this page, you will find over 70 tutorials explaining how to generate a CSR on different platforms. Also included is an FAQ section covering the most common questions about CSR generation.
How to Manually Generate a CSR?
Manually creating a CSR requires access to the server on which you intend to install your SSL certificate. Depending on your platform, you will generate the CSR code via a web control panel or with the OpenSSL utility using SSH (Secure Shell) protocol.
To create the CSR file, you must provide details about your company and the website you wish to encrypt. The system will then produce the CSR. Below we’ve listed step-by-step instructions on how to generate a csr for an SSL certificate for various platforms.
CSR Generation Guides
We’re always updating our CSR generation guides and list of platforms to bring you the most precise instructions for your particular server. You can browse them by category or use the CTRL + F shortcut to locate your system name.
Microsoft Platforms
Linux Platforms
Application Servers
Cloud Platforms
Mail Servers and Gateways
Network systems, Firewalls, and VPNs
If you don’t have access to your server or can’t find your platform in the lists above, use our CSR generator tool to create the CSR file.
Frequently Asked Questions
A CSR or Certificate Signing Request is a block of encoded text with your contact data that you must submit to the certificate authority (CA) to validate your SSL certificate request.
You can generate the CSR code directly on your website’s server or via a CSR generator tool and then upload the CSR code to your platform.
You must provide the following information:
- Country Name
- State or Province Name
- Locality Name
- Organization Name
- Common Name (the FQDN -Fully Qualified Domain Name you want to secure)
You must generate a CSR code every time you apply for a new certificate or are renewing your expiring cert. The CA uses the up-to-date data from your CSR to validate and issue your SSL certificate.
To generate the CSR, you must have access to your server or use a third-party tool that will automatically create the CSR files after you submit the required data.
The CSR generation itself is instant. The only time you’ll spend is filling in the required CSR fields with your contact information.
The system or platform on which you generate the CSR will create two text files. The file with the .csr extension will contain your CSR code, while the file with the .key extension will include your private key.
To generate the CSR on your server, you need access to your control panel or secure shell terminal. You can also create the CSR externally via a CSR generator tool directly from your browser.
When you generate a CSR via an external tool such as a CSR generator, you should enter one single domain name or sub-domain. The rest of the domains or sub-domains, known as SANs (2nd, 3rd, 4th domains or sub-domains), should be included in the fields for additional domains. You will find the additional domain fields on the SSL Certificate configuration form.
If you generate the CSR with OpenSSL, you need to create a new file named req.conf and add more DNS entries. Here’s the command line to request the CSR:
openssl req -new -out request_name.csr -newkey rsa:2048 -nodes -sha256 -keyout request_name.key -config req.conf
It’s not recommended to use an existing CSR when applying for a new SSL certificate, as re-using the same key over very long periods may compromise website security.
When generating a CSR for a Wildcard SSL certificate, you must add an asterisk (*) in front of the domain name you want to secure. For example, you would enter *.yourdomain.com in the Common Name field.
