Certificate Signing Request (CSR)
Computer Security
A certificate signing request (CSR) is one of the first steps towards getting our own SSL certificate. It is a block of encoded text that is given to a Certificate Authority (CA) when applying for an SSL certificate. It is generated on the server where the certificate will be installed. A certificate authority will use a CSR to create our SSL certificate, but it does not need our private key. The certificate created with a particular CSR will only work with the private key that was generated with it. That said, if we lose the private key, the certificate will no longer work.
What does it contain?
A CSR contains information about our business and the website we’re trying to equip with SSL, including:
It also contains the public key that will be included in the certificate and is signed with the corresponding private key.
Note: A CSR is Base64-encoded and follows the PKCS #10 specification.
What does a CSR Look Like?
Most CSRs are created in the Base64-encoded PEM format. We can open the CSR file using a simple text editor and it will look like the sample below. This format includes the “-----BEGIN CERTIFICATE REQUEST-----” and “-----END CERTIFICATE REQUEST-----” lines at the beginning and end of the CSR.
-----BEGIN CERTIFICATE REQUEST-----
[Base64-encoded request body]
-----END CERTIFICATE REQUEST-----
How do we generate a CSR and Private Key?
With OpenSSL we can use the following command to generate a CSR and private key:
openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key
Here, servername.csr is the CSR file and servername.key is the private key.
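To go with the command above, the following script is an added example (not from the original article): it creates the key and CSR without interactive prompts, then confirms the CSR's self-signature and that its public key matches the private key before the CSR is sent to a CA. The subject values, the www.example.test name and the helper function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: create a key and CSR without prompts, then check the CSR
# before submitting it. Subject values and paths are constructed placeholders.

# make_csr <dir> <common-name>: writes servername.key and servername.csr into <dir>
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=US/O=Example Org/CN=$2" \
        -out "$1/servername.csr" -keyout "$1/servername.key" 2>/dev/null \
    && chmod 600 "$1/servername.key"   # -nodes leaves the key unencrypted on disk
}

# The CSR is signed with the private key; confirm that self-signature verifies.
# Matching on the message text works whether or not this OpenSSL build
# reports a failed check through its exit status.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# The certificate only works with the key the CSR was generated with, so compare
# the public key inside the CSR with the one derived from the private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Print the subject the CA will see in the request.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# Demo run in a throwaway directory.
workdir=$(mktemp -d)
make_csr "$workdir" "www.example.test"
csr_subject "$workdir/servername.csr"
csr_signature_ok "$workdir/servername.csr" && echo "self-signature: OK"
csr_matches_key "$workdir/servername.csr" "$workdir/servername.key" && echo "key match: OK"
```

Only servername.csr goes to the CA; servername.key stays on the server with restrictive permissions.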