A Certificate Signing Request or CSR is a specially formatted underdeveloped public key that is used for enrollment of an SSL Certificate. The information on this CSR is important for a Certificate Authority (CA). It is needed to validate the information required to issue a SSL Certificate.
Creation of a CSR also means you are creating your private key. The private key will always be left on the system or application where the CSR is generated. The Private key will be required later for installation.
If you do not see your server listed Perform a search or you may have to contact your server vender or hosting provider for best practices on how to generate a CSR on your system.
A CSR must contain the Following information:
- Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Massachusetts
- Locality or City: The Locality field is the city or town name, for example: Boston. Do not abbreviate. For example: Saint Louis, not St. Louis
- Company: If the company or department has an &, @, or any other symbol using the shift key in its name, the symbol must be spelled out or omitted, in order to enroll. Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit: The Organizational Unit (OU) field is the name of the department or organization unit making the request. To skip the OU field, press Enter on the keyboard.
- Common Name: The fully-qualified domain name, or URL, you’re securing. for example “www.domain.com”. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.domain.com.
Note: You might be prompted on some server systems or applications to associate a password for your CSR. Leave this blank or bypass it by pressing Enter depending on the system. Associating a password with your CSR will encrypt it and will cause issues with enrollment. If this happens you will have to regenerate another CSR without a password.
If you are looking for a simpler way to create CSRs, and install and manage your SSL Certificates, we recommend using the DigiCert Certificate Utility for Windows. You can use the DigiCert Utility to generate your CSR and Configure your SSL Certificate Keypair. You can then export your SSL Certificate from the utility in either a pfx for pem Apache applicable format and import it into the systems that require your SSL Certificate.
Digicert Certificate Utility – SSL Certificate (Guide)
To check the information of your CSR visit the SSL Tools CSR Checker.
Instructions for server vendors:
A:
Apache (OpenSSL, Nginx, ModSSL)
Apple Mac OS X 10.6
Apple Mac OS x 10.11
Aruba ClearPass
B:
Barracuda SSL VPN
C:
Checkpoint VPN
Citrix Netscaler VPX
Cisco ASA 5510
Cisco Wireless LAN Controller
cPanel
F:
F5 BIG IP
F5 FirePass
FileMaker 15
I:
IBM AS/400 iSeries
IBM WebSphere
J:
Juniper
JBoss Http
JBoss Tomcat
K:
Kemp 6.x
Keytool
M:
Microsoft Azure
Microsoft Active Directory LDAP
Microsoft Exchange 2010
Microsoft Exchange 2013
Microsoft Forefront
Microsoft Server 2003 – IIS 6
Microsoft Server 2008 – IIS 7 & 7.5
Microsoft Server 2012 – IIS 8 & 8.5
Microsoft Lync
Microsoft Office 365
Microsoft Sharepoint 2010
Microsoft Sharepoint 2013
Mitel MiCollab MSL
O:
Oracle Wallet Manager
P:
Plesk 11.x
Plesk 12
Portecle
S:
SonicWall VPN
SonicWall NSA
SAP Web Application Server
SRT Titain FTP
T:
Tomcat
W:
Web Host Manager (WHM)
Z:
Zimbra