SSL Certificates

What is a Certificate Signing Request CSR And How Generate CSR

What is Certificate Signing Request

CSR is abridgement of Certificate Signing Request,its a block of encrypted text that is generated on the server that the certificate will be used on.
It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR.

Certificate authority (CA) will use a CSR to create your SSL certificate, but it does not need your private key.
The private key secret issued by CA should be confidential and keep it for you only.

CSR contains the following informations:

  • Common Name :The fully qualified domain name (FQDN) of your server. This must match exactly what you type in your web browser or you will receive a name mismatch error exmaple : *.domainname.tld.
  • Organization:The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. exmaple:Company Inc.
  • Organizational Unit:The division of your organization handling the certificate , exmaple :Information Technology.
  • City/Locality:The city where your organization is located , example:Mountain View.
  • State/County/Region:The state/region where your organization is located. This shouldn’t be abbreviated, example:New York.
  • Country:The two-letter ISO code for the country where your organization is location,example:US,CA.
  • Email address:An email address used to contact your organization,webmaster@domain.tld.
  • Public Key:The public key that will go into the certificate.

CSR’s format

Most CSRs are created in the Base-64 encoded PEM format. This format includes the “—–BEGIN CERTIFICATE REQUEST—–” and “—–END CERTIFICATE REQUEST—–” lines at the begining and end of the CSR. A PEM format CSR can be opened in a text editor .

To generate CSR and private key
openssl req -new -keyout server.key -out server.csr
Decode a CSR
openssl req -in server.csr -noout -text

XsoftHost Support

Share
Tags: CSRSSL Certificate
8 years ago

Recent Posts

Add Extra IP addresses to server configuration On Ubuntu 17.10 and later

Each failover IP address will need its own line in the configuration file. The configuration…

4 years ago

Create RAID Arrays with mdadm on Ubuntu

What is mdadm? The mdadm utility can be used to create and manage storage arrays…

4 years ago

How to change the maximum upload file size for PHP

There are several scenarios that you might need to increase or decrease your php maximum…

6 years ago

How to install Let’s Encrypt Plugin in WHM/cPanel

What is Let’s Encrypt? Let’s Encrypt is a free certificate authority provided by the Internet…

6 years ago

How to install python in my cPanel and add py extension

Python normally installed on all cPanel hosting server because most of Centos/red hat update system…

6 years ago

How to install and enable GUI GNOME Desktop on centos 7

Usually CentOS 7 comes in a numbers of variants, For most users, there are two…

6 years ago