What is a Certificate Signing Request (CSR)? Print

  • 0

What is a Certificate Signing Request (CSR)?

Before you can obtain an SSL certificate, you must generate a CSR (Certificate Signing Request) on your web server. Think of a CSR as a digital "application form" that contains verified information about your website and your company.

When you generate a CSR, your server creates two separate files: a Private Key (which stays on your server) and the CSR file (which you send to the Certificate Authority).


What Information is Inside a CSR?

When you generate the request at Nixzoehost, you will be asked to provide several pieces of information. These details will be "encoded" into the CSR:

  • Common Name (CN): The fully qualified domain name (FQDN) you want to secure (e.g., yoursite.com or *.yoursite.com for a Wildcard).

  • Organization (O): The legal name of your company. If you don't have a company, you can use your name or "NA."

  • Organization Unit (OU): The department name (e.g., "IT" or "Web Security").

  • Locality (L): The city where your organization is located.

  • State (S): The state or province (do not abbreviate; e.g., use "California" instead of "CA").

  • Country (C): The two-letter ISO code for your country (e.g., "US" or "GB").

  • Public Key: The mathematical key that will be included in your SSL certificate.


How Does the CSR Process Work?

The CSR is part of a "Key Pair" system. Here is the lifecycle of a CSR:

  1. Generation: You generate the CSR and Private Key on your server (via cPanel or the Nixzoehost dashboard).

  2. Submission: You copy the block of text from the CSR file and paste it into the Activation form in your Nixzoehost account.

  3. Verification: The Certificate Authority (CA) uses the CSR to verify your details and create your SSL certificate.

  4. The Match: Once the certificate is issued and installed, it "matches" with the Private Key still sitting on your server to create an encrypted connection.


Critical Rules for CSRs

  • The Private Key is Private: Never share your Private Key with anyoneincluding us! If your Private Key is lost or stolen, your SSL certificate will no longer work, and you will need to reissue it.

  • No Special Characters: Avoid using symbols like ! @ # $ % ^ * in your organization or city names, as these can cause the CA's system to reject the request.

  • One-Time Use: A CSR is generally intended for one-time use. If you need to reissue your certificate or if you move to a new server, it is best practice to generate a fresh CSR.


What a CSR Looks Like

A CSR is a block of encoded text that looks like a jumble of random letters and numbers. It will always begin and end with these specific lines:

-----BEGIN CERTIFICATE REQUEST----- [Encoded Data] -----END CERTIFICATE REQUEST-----


Was this answer helpful?

« Back