What is a CSR?
A Certificate Signing Request (CSR) is a message sent to a Certificate Authority to apply for a digital certificate. It contains your public key and identifying information (domain name, organization, location, etc.). The CA uses the CSR to generate your SSL certificate.
Generating a CSR with OpenSSL
The most common way to generate a CSR is using OpenSSL:
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csrThis command generates both a 2048-bit RSA private key and a CSR. You'll be prompted to enter your organization's details.
Key Information in a CSR
- CN (Common Name) — The domain name (e.g., www.example.com)
- O (Organization) — Your company's legal name
- OU (Organizational Unit) — Department within the organization
- C (Country) — Two-letter country code
- ST (State) — State or province
- L (Locality) — City name
Generating an ECC CSR
For enhanced performance with modern browsers, you can generate an ECC-based CSR:
openssl ecparam -genkey -name prime256v1 | openssl ec -out private.key
openssl req -new -key private.key -out request.csrAfter Generating Your CSR
Submit the CSR to your chosen CA. Never share your private key. After verification, the CA will issue your certificate, which you then install alongside your private key on your web server.