CSR Overview

To get an SSL Certificate for your domain or hostname, you’ll need to create a Certificate Signing Request (CSR). A CSR is a request for a Certificate Authority (CA) to issue your SSL Certificate. It includes your public key and information about your domain or hostname. Here’s a breakdown of the details you’ll need to provide in the CSR:

  • Common Name (CN): This is the Fully Qualified Domain Name (FQDN) of your server. It should exactly match what you type in your web browser to avoid any security errors.
  • Organization Name (O): The legal name of your company or organization. The name should not be abbreviated and should include the corporate identifier such as Inc., Corp, or LLC (if applicable). For DV orders, you can use your personal name.
  • Organization Unit (OU): The unit or division of the company or organization that manages the certificate (e.g. IT Department).
  • Locality (L): The city where you are located.
  • State or Province Name (ST): The state or province where you are located.
  • Country (C): The country where you are located.
  • Email Address: An email address associated with the company.
  • Root Length: The strength of the key pair is determined by its bit-length. A 2048-bit key size is the new industry standard to ensure security for the future.
  • Signature Algorithm: Issuing Certificate Authorities use hashing algorithms, which generate unique hash values from files, when signing certificates and CRLs (Certificate Revocation Lists). It is recommended that your certificate be signed with SHA-2, the strongest signature algorithm adopted by the industry.

The Private Key

In addition to creating a CSR, the web server also exports the private key file that corresponds to the CSR. The private key is a unique cryptographic key used to decrypt sensitive data that was encrypted with its corresponding public key before transmission. The private key should never be shared with anyone outside of the secured server environment. If it is lost or compromised, the encrypted communications could be read by malicious users, putting your organization’s reputation at risk and defeating the entire methodology behind the Public Key Infrastructure (PKI). We highly recommend creating a new key pair and replacing or reissuing your SSL Certificate if the private key is lost or compromised.

Example of CSR

Most CSRs are created in the Base-64 encoded PEM format and include the “-----BEGIN CERTIFICATE REQUEST-----” and “-----END CERTIFICATE REQUEST-----” lines as the header and footer tags of the CSR. A standard PEM format CSR will look like the following example:

-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
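
The steps described above, as an added example that is not part of the original page: it generates a 2048-bit key and a SHA-256 signed CSR with the OpenSSL command line, then checks the CSR's self-signature, key length, signature algorithm and Common Name before it is submitted to a CA. The file names, the subject values and the function names make_csr and check_csr are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: file names and subject values below are constructed.
# Usage: make_csr /some/dir www.example.com &&
#        check_csr /some/dir/server.csr www.example.com

# make_csr DIR FQDN: write DIR/server.key (2048-bit RSA) and DIR/server.csr.
make_csr() {
    dir=$1 cn=$2
    (
        umask 077   # private key file is readable by its owner only
        openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    ) || return 1
    # -sha256 selects a SHA-2 digest for the CSR's own signature.
    openssl req -new -sha256 -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/ST=California/L=San Francisco/O=Example Inc./OU=IT Department/CN=$cn/emailAddress=admin@example.com"
}

# check_csr FILE FQDN: succeed only if the CSR passes all four checks.
check_csr() {
    csr=$1 want_cn=$2

    # 1. Self-signature: shows the requester holds the matching private key.
    #    Match the message text rather than relying on the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 |
        grep -q 'verify OK' || return 1

    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) || return 1

    # 2. Key length of at least 2048 bits.
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || return 1

    # 3. Signature algorithm from the SHA-2 family (RSA key assumed).
    printf '%s\n' "$text" |
        grep -Eq 'Signature Algorithm: sha(224|256|384|512)' || return 1

    # 4. Common Name equals the expected FQDN. RFC2253 output lists the
    #    subject in reverse order, so CN is always followed by a comma here.
    openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
        grep -qF "CN=$want_cn," || return 1
}
```

Only server.csr is sent to the CA; server.key stays on the server.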