CSR (Certificate Signing Request)
A Certificate Signing Request (CSR) is a file generated when applying for an SSL certificate^[600-developer__tools__security__security-file-extension-name.md]. It acts as the initial step in the application process, containing encoded information that is submitted to a certificate vendor (CA) to generate the final certificate^[600-developer__tools__security__security-file-extension-name.md].
Contents
A CSR file includes specific identification fields required by the Certificate Authority (CA)^[600-developer__tools__security__security-file-extension-name.md]:
- CN (Common Name): The domain name to protect (e.g., `www.example.com` or `*.domain.com` for wildcard domains)^[600-developer__tools__security__security-file-extension-name.md].
- O (Organization): The legally registered name of the organization^[600-developer__tools__security__security-file-extension-name.md].
- OU (Organizational Unit): The company department (defaults to the Common Name if left blank)^[600-developer__tools__security__security-file-extension-name.md].
- L (Locality): The city where the company is located^[600-developer__tools__security__security-file-extension-name.md].
- ST (State): The state or region where the company is located^[600-developer__tools__security__security-file-extension-name.md].
- C (Country): The country where the company is located^[600-developer__tools__security__security-file-extension-name.md].
- Key Size: The encryption algorithm and key length (e.g., RSA 2048)^[600-developer__tools__security__security-file-extension-name.md].
Key Files
Generating a CSR involves creating two distinct files^[600-developer__tools__security__security-file-extension-name.md]:
- Private Key: This file must be kept secure and stored locally by the user^[600-developer__tools__security__security-file-extension-name.md].
- CSR File: This file is provided to the certificate vendor for signing^[600-developer__tools__security__security-file-extension-name.md].
Generation
CSRs can be generated using the `openssl` command-line tool^[600-developer__tools__security__security-file-extension-name.md]. The following command creates a 2048-bit RSA private key and the matching CSR^[600-developer__tools__security__security-file-extension-name.md]:

```sh
# -nodes writes the private key unencrypted, so restrict access to xxxx.key
openssl req -new -newkey rsa:2048 -nodes -out xxxx.csr -keyout xxxx.key -subj "/C=tw/ST=xxxx/L=xxxx/O=xxxx/OU=xxxx/CN=xxx.xxx.xxx"
```

Once the CSR is generated, the CA uses its own keys to sign the certificate, typically via a command like `openssl ca -in tempreq.pem -out server_crt.pem`^[600-developer__tools__security__security-file-extension-name.md].
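Before a CSR is submitted, it is worth confirming that it is intact and that it was built from the private key you intend to keep. The functions below are an added example, not part of the original page; the function names, the `test.csr`/`test.key` file names and the subject values are assumptions made for illustration.

```sh
# Added example: sanity checks on a CSR before it goes to the CA.
# All file names and subject values are constructed placeholders.

# Generate a key and CSR as in the command above.
# $1 = output directory, $2 = subject string
make_csr() {
    ( umask 077   # key file is created readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -out "$1/test.csr" -keyout "$1/test.key" -subj "$2" 2>/dev/null )
}

# SHA-256 of the public key embedded in the CSR ($1 = CSR file).
csr_pubkey_hash() {
    openssl req -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from the private key ($1 = key file).
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout | openssl sha256 | awk '{print $NF}'
}

# Succeeds only if the CSR's self-signature verifies AND its public key
# belongs to the given private key. $1 = CSR file, $2 = key file
check_csr() {
    # Match on the message rather than the exit status, which differs
    # between OpenSSL releases when verification fails.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    [ "$(csr_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Print the subject so CN, O and the other fields can be reviewed by eye.
csr_subject() {
    openssl req -in "$1" -noout -subject
}
```

Only the public key hash is compared, so the private key never leaves the machine and is never printed.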
Related Concepts
- [[SSL Certificate]]
- [[PKCS#12]]
- [[Public Key Infrastructure]]
Sources
^[600-developer__tools__security__security-file-extension-name.md]