Features

Generate CSR for SSL/TLS

Create private key automatically

2048-bit and 4096-bit keys

PEM format output

Organization details included

Download CSR and key

Copy to clipboard

100% client-side generation

No server communication

Secure and private

What is a CSR?

A Certificate Signing Request (CSR) is an encoded text file containing your public key and identifying information. You generate a CSR on your server and submit it to a Certificate Authority (CA) like Let's Encrypt, DigiCert, or Sectigo. The CA validates your information and issues an SSL/TLS certificate signed with their private key.

The CSR contains your domain name, organization details, and public key. The corresponding private key stays on your server and must be kept secret. When the CA returns your signed certificate, you install it along with the private key to enable HTTPS on your website.

CSR Components

Common Name (CN): Your domain name (example.com)
Organization (O): Legal company name
Organizational Unit (OU): Department (optional)
Locality (L): City name
State (ST): State or province
Country (C): Two-letter country code
Email: Contact email (optional)
Public Key: Generated automatically

CSR Format:

-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
FjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xFDASBgNVBAoMC0V4YW1wbGUgSW5jMRYw
... (Base64 encoded data)
-----END CERTIFICATE REQUEST-----

How to Use the CSR Generator

Step 1: Enter Certificate Information

Fill in all required fields marked with asterisks. Use your actual domain name for Common Name. Enter your organization's legal name and location. The country code must be exactly 2 letters (US, GB, CA, etc.).

Step 2: Generate CSR and Private Key

Click "Generate CSR" to create both the CSR and private key. Generation happens in your browser - no data is sent to any server. The private key is generated automatically and must be kept secure.

Step 3: Download Both Files

Download the CSR and private key immediately. Store the private key securely on your server with restricted permissions (chmod 600). Never share or lose the private key - you'll need it to install the certificate.

Step 4: Submit CSR to Certificate Authority

Copy the CSR and paste it into your CA's certificate request form. The CA will validate your information and issue a signed certificate. Install the certificate with your private key to enable HTTPS.

Common Use Cases

1. SSL/TLS Certificate Request

Generate a CSR when purchasing or renewing SSL/TLS certificates. Submit the CSR to your chosen CA (Let's Encrypt, DigiCert, Sectigo) to get a signed certificate for your domain.

2. Wildcard Certificate

Use *.example.com as the Common Name to request a wildcard certificate that covers all subdomains. Wildcard certificates are useful for sites with many subdomains.

3. Multi-Domain Certificate (SAN)

Some CAs allow you to add Subject Alternative Names (SAN) after submitting the CSR. This lets one certificate cover multiple different domains.

4. Internal Certificate Authority

Generate CSRs for internal certificates signed by your organization's private CA. This is common in enterprise environments for internal services.

5. Certificate Renewal

Generate a new CSR when renewing certificates. While you can reuse the old private key, generating a new key pair is more secure and recommended.

CSR Examples

Example 1: Generate CSR with OpenSSL

# Generate private key and CSR
openssl req -new -newkey rsa:2048 -nodes \
  -keyout private.key -out request.csr

# Generate CSR from existing key
openssl req -new -key private.key -out request.csr

Example 2: View CSR Contents

# Decode and view CSR
openssl req -in request.csr -noout -text

# Verify CSR signature
openssl req -in request.csr -noout -verify

Example 3: Extract Public Key from CSR

# Extract public key
openssl req -in request.csr -noout -pubkey

# View subject information
openssl req -in request.csr -noout -subject

Example 4: Generate CSR for Wildcard

# Wildcard certificate CSR
openssl req -new -newkey rsa:2048 -nodes \
  -keyout wildcard.key -out wildcard.csr \
  -subj "/C=US/ST=California/L=San Francisco/O=Example Inc/CN=*.example.com"

Example 5: Install Certificate

# After receiving certificate from CA
# Copy certificate and key to server
sudo cp certificate.crt /etc/ssl/certs/
sudo cp private.key /etc/ssl/private/
sudo chmod 600 /etc/ssl/private/private.key

# Configure web server (nginx example)
ssl_certificate /etc/ssl/certs/certificate.crt;
ssl_certificate_key /etc/ssl/private/private.key;

Frequently Asked Questions

What information do I need to generate a CSR?

You need your domain name (Common Name), organization name, city, state/province, and country code. Organizational Unit and email are optional but recommended.

Can I use the same CSR for multiple certificates?

No, generate a new CSR for each certificate. Each CSR should be unique and used only once. Reusing CSRs can cause security issues and certificate management problems.

What happens to my private key?

The private key is generated along with the CSR and must be kept on your server. Never share it or upload it anywhere. You'll need it to install the certificate after the CA signs your CSR.

How do I create a wildcard certificate CSR?

Use *.example.com as the Common Name. The asterisk covers all first-level subdomains (www.example.com, api.example.com) but not second-level subdomains (api.v2.example.com).

What key size should I use?

2048-bit keys are standard and sufficient for most uses. Use 4096-bit keys for enhanced security if you handle highly sensitive data or need longer-term protection.

Can I generate a CSR without a private key?

No, the CSR and private key are mathematically linked. The CSR contains the public key derived from the private key. You must generate them together.

How long does it take to get a certificate?

Domain Validation (DV) certificates are issued within minutes to hours. Organization Validation (OV) takes 1-3 days. Extended Validation (EV) takes 1-2 weeks due to thorough verification.

What if I lose my private key?

If you lose the private key, you cannot use the certificate. You must generate a new CSR with a new private key and request a new certificate from your CA. Always backup private keys securely.

Is my CSR data secure?

Yes, all generation happens in your browser. No data is sent to any server. The CSR contains only public information and your public key - it's safe to share with CAs.

Can I use this for production certificates?

Yes, the generated CSR is valid for production use. However, for critical production systems, consider generating CSRs directly on your server for maximum security.

Related Tools

Explore our other security and certificate tools:

RSA Key Generator - Generate RSA key pairs
SSL Certificate Decoder - Decode SSL certificates
HMAC Generator - Generate HMAC signatures
Hash Generator - Generate cryptographic hashes
Password Generator - Generate secure passwords

CSR Generator

Enter Details

Generate CSR

Submit to CA

Certificate Information

Certificate Signing Request (CSR)

Private Key (Keep Secret!)