SSL (Secure Sockets Layer) is a protocol that secures travelling data between both end like the server to customer web browser. To keep eavesdrop away from ongoing data, Companies are now preferring to have SSL certificate on their website. There are many technical terms included in SSL certificate. As a website owner, if you are applying for an SSL certificate then certain words, you may encounter with for example, private key, CSR, root certificate, intermediate certificate, bit-length etc.
In this short article, we will discuss about one of technical term named CSR (Certificate Signing Request) which is used when you apply for an SSL certificate.
What is CSR (Certificate Signing Request)?
Certificate Signing Request (CSR) is a piece of encoded text provided by a certificate applier to certificate authority while purchasing SSL certificate. It should be created on the server and contains details like common name/domain name, city, state, country, email address etc. CSR also includes public key that will be added in the certificate.
How Does Certificate Signing Request Look?
Below is an example that shows how CSR does look:
What Information Is Needed For Certificate Signing Request (CSR)?
Mostly CSR are created in Base-64 encoded PEM format. It starts with —–BEGIN CERTIFICATE REQUEST—– and end with —–END CERTIFICATE REQUEST—–. There are 5 dots included in CSR begin and end tags. CSR generally include below details:
Details | Description | Example |
---|---|---|
Common Name | It should be domain name (Fully Qualified Domain Name) | www.exampledomain.com, blog.exampledomain.com, *.exampledomain.com |
Organization | It should be organization name which is suffixed by LLC, Corp etc. | Companyname LLC |
Organization Unit | The department from which SSL certificate request has been made | IT, Marketing, etc. |
City | Where your Organization is located | Albany, Atlanta, etc. |
State | State in which your Organization is located | New York, Texas, etc. |
Country | Country in which your Organization is located | US, Egypt, Greece, etc. |
Email Address | Email address for contact point of Organization | contact@exampledomain.com |
How To Generate Certificate Signing Request?
When you create CSR on server type like Apache, cPanel, IIS, Nginx server. The certificate will also be installed on same server from which CSR and private key is generated. When you have CSR by filling all required details, you should copy CSR code in notepad/text editor and save it also on server as well provide to certificate provider. Private key also should be copied and pasted in notepad and save it on the server. Private key should not be disclosed to anyone as it may compromise the certificate.
When you create CSR, private key will also be generated and the bit-length of private key should be 2048-bit.
How To Decode CSR (Certificate Signing Request)?
You can decode CSR with CSR decoder tool & verify its content.
At last, if your CSR passes, the certificate provider will consider it and fulfills all relevant parameters, then SSL certificate authority will issue an SSL certificate.