What is a Certificate Signing Request (CSR)?
Before you can obtain an SSL certificate, you must generate a CSR (Certificate Signing Request) on your web server. Think of a CSR as a digital "application form" that contains verified information about your website and your company.
When you generate a CSR, your server creates two separate files: a Private Key (which stays on your server) and the CSR file (which you send to the Certificate Authority).
What Information is Inside a CSR?
When you generate the request at Nixzoehost, you will be asked to provide several pieces of information. These details will be "encoded" into the CSR:
-
Common Name (CN): The fully qualified domain name (FQDN) you want to secure (e.g.,
yoursite.comor*.yoursite.comfor a Wildcard). -
Organization (O): The legal name of your company. If you don't have a company, you can use your name or "NA."
-
Organization Unit (OU): The department name (e.g., "IT" or "Web Security").
-
Locality (L): The city where your organization is located.
-
State (S): The state or province (do not abbreviate; e.g., use "California" instead of "CA").
-
Country (C): The two-letter ISO code for your country (e.g., "US" or "GB").
-
Public Key: The mathematical key that will be included in your SSL certificate.
How Does the CSR Process Work?
The CSR is part of a "Key Pair" system. Here is the lifecycle of a CSR:
-
Generation: You generate the CSR and Private Key on your server (via cPanel or the Nixzoehost dashboard).
-
Submission: You copy the block of text from the CSR file and paste it into the Activation form in your Nixzoehost account.
-
Verification: The Certificate Authority (CA) uses the CSR to verify your details and create your SSL certificate.
-
The Match: Once the certificate is issued and installed, it "matches" with the Private Key still sitting on your server to create an encrypted connection.
Critical Rules for CSRs
-
The Private Key is Private: Never share your Private Key with anyoneincluding us! If your Private Key is lost or stolen, your SSL certificate will no longer work, and you will need to reissue it.
-
No Special Characters: Avoid using symbols like
! @ # $ % ^ *in your organization or city names, as these can cause the CA's system to reject the request. -
One-Time Use: A CSR is generally intended for one-time use. If you need to reissue your certificate or if you move to a new server, it is best practice to generate a fresh CSR.
What a CSR Looks Like
A CSR is a block of encoded text that looks like a jumble of random letters and numbers. It will always begin and end with these specific lines:
-----BEGIN CERTIFICATE REQUEST----- [Encoded Data] -----END CERTIFICATE REQUEST-----