What is a Certificate Signing Request (CSR)?
When you purchase an SSL certificate, it doesn't work immediately. Before the Certificate Authority (CA) can secure your site, they need specific information about your server and your organization. This information is sent via a Certificate Signing Request, commonly known as a CSR.
Think of a CSR as a digital application form for your SSL certificate.
How it Works
When you generate a CSR on your web server (like the ones at Nixzoehost), the server creates two separate files:
-
The Private Key: This stays on your server. It is a secret file that should never be shared with anyoneincluding Nixzoehost or the Certificate Authority.
-
The CSR (Public Key): This is the file you copy and paste into your SSL activation form. It contains the "Public Key" that the CA will sign to create your certificate.
What Information is Inside a CSR?
A CSR is a block of encrypted text that starts with -----BEGIN CERTIFICATE REQUEST-----. While it looks like gibberish to the human eye, it contains the following verified details:
-
Common Name (CN): The exact domain name you want to secure (e.g.,
www.yourdomain.com). -
Organization (O): The legal name of your company or "NA" for personal sites.
-
Locality/City (L): Your city.
-
State/Province (ST): Your state or province.
-
Country (C): The two-letter ISO code for your country (e.g.,
US,GB,CA). -
Public Key: The mathematical code used to encrypt data sent to your site.
Why Do I Need One?
You cannot "buy" a completed SSL certificate because every certificate must be custom-built for the specific server it will live on. The CSR ensures that the certificate issued by the CA is mathematically paired with the Private Key on your Nixzoehost server. Without this pair, encryption is impossible.
Important Things to Remember
-
Keep Your Private Key Safe: If you delete your Private Key after generating the CSR, the certificate you receive will not work. You will have to start over and reissue the SSL.
-
Accuracy Matters: If there is a typo in your domain name inside the CSR, the Certificate Authority will issue the certificate for the wrong domain, and it will show as "Invalid."
-
RSA 2048-bit: In 2026, all CSRs must be generated with at least 2048-bit encryption strength. cPanel on Nixzoehost does this automatically.
Quick Summary Table
| Component | What it is | Can I share it? |
| CSR | The application file you give to the CA. | Yes |
| Private Key | The "secret" file stored on your server. | NO (Never) |
| Common Name | Your domain name (e.g., nixzoehost.com). |
Yes |