What is a CSR and How to Create One?
A CSR (Certificate Signing Request) is a block of encoded text that an organization or individual submits to a Certificate Authority (CA) when applying for an SSL certificate. The CSR contains information that the CA uses to create the certificate, such as the applicant’s public key and the organization’s details. This certificate is then used to secure communications on websites by enabling HTTPS.
In this article, we’ll explain what a CSR is, why it’s important, and provide step-by-step instructions on how to create one.
What is a CSR (Certificate Signing Request)?
A CSR is a file that includes a website owner’s public key and important information about the website and organization requesting the SSL certificate. This request is then submitted to a Certificate Authority (CA), such as Let’s Encrypt, DigiCert, or Comodo, which validates the details before issuing the certificate.
A typical CSR includes:
- Public key: Used in the encryption process.
- Common Name (CN): The fully qualified domain name (FQDN) you want to secure (e.g., www.example.com).
- Organization Name: The name of the company or individual applying for the SSL certificate.
- Organizational Unit: The department or division within the company (optional).
- Locality: The city where the organization is located.
- State/Province: The state or province where the organization is based.
- Country: The two-letter country code (e.g., US for the United States).
The CSR does not contain the private key of the website, which is generated and kept secure on the server.
Why is a CSR Important?
A CSR is an essential part of the SSL certificate issuance process. Here’s why it’s important:
1. Requesting an SSL Certificate
When you apply for an SSL certificate, you need to submit a CSR to the Certificate Authority. The CA uses the information in the CSR to issue a certificate that matches the domain, organization, and server.
2. Security
The CSR includes the public key, which is used to encrypt data between the server and the client (the browser). The private key, which is generated alongside the public key, is kept secure on the server and is never shared with anyone. Together, they enable secure communications using SSL/TLS.
3. Validation
The CA uses the information in the CSR to verify the identity of the certificate requester. Depending on the type of SSL certificate (e.g., Domain Validation, Organization Validation, or Extended Validation), the CA may perform different levels of checks before issuing the certificate.
How to Create a CSR
Creating a CSR involves generating a public-private key pair and then creating the CSR using these keys. The process varies slightly depending on the server you’re using, but the basic steps are the same.
Step 1: Generate a Private Key
The first step in creating a CSR is generating a private key. The private key will be used to encrypt and decrypt data on your website and should be kept secure.
Example using OpenSSL (Linux, macOS, or Windows with OpenSSL installed):
- Open a terminal or command prompt.
- Run the following command to generate a private key:
  openssl genrsa -out private.key 2048
This will generate a 2048-bit RSA private key and save it to a file called private.key.
Step 2: Generate the CSR
Once you have the private key, the next step is to create the CSR. The CSR contains the public key (derived from the private key) and information about your organization.
Example using OpenSSL:
- In the terminal, run the following command:
  openssl req -new -key private.key -out yourdomain.csr
You will be prompted to enter information for the CSR. Here’s what you’ll need to provide:
- Country Name (2-letter code): The two-letter code of your country (e.g., US, GB).
- State or Province Name: The full name of the state or province (do not abbreviate).
- Locality Name: The city or locality where your organization is located.
- Organization Name: Your company or organization’s full legal name (or your name if you’re an individual).
- Organizational Unit Name: The department or division (optional).
- Common Name: The fully qualified domain name (FQDN) that you want to secure (e.g., www.example.com or example.com).
- Email Address: Your contact email address (optional).
After entering the required information, the CSR will be saved to a file called yourdomain.csr.
Step 3: Submit the CSR to the Certificate Authority
Once your CSR is generated, you can submit it to the Certificate Authority (CA) when applying for an SSL certificate. The CA will use the information in the CSR to issue the certificate.
Step 4: Save the Private Key Securely
The private key generated in Step 1 is crucial for SSL encryption. Be sure to keep it secure and do not share it with anyone. If the private key is lost or compromised, you will need to generate a new key and request a new SSL certificate.
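Steps 1 and 2 as a non-interactive script, followed by the checks worth running before Step 3. This is an added example, not part of the original article; the function names make_csr and check_csr, the subject values and www.example.com are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: Steps 1-2 run non-interactively, then checked before Step 3.
# The subject values and www.example.com are constructed sample inputs.

make_csr() {  # $1 = private key path, $2 = CSR path, $3 = FQDN for the CN
    # umask 077 in a subshell: the key file is created owner-only (0600).
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null ) || return 1
    # -subj supplies the answers to the interactive prompts in one string.
    openssl req -new -key "$1" -out "$2" \
        -subj "/C=US/ST=California/L=San Francisco/O=Example Inc/CN=$3"
}

check_csr() {  # $1 = private key path, $2 = CSR path, $3 = expected FQDN
    # 1. The CSR's self-signature must verify (it was signed by the key holder).
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "signature check failed"; return 1; }
    # 2. The public key inside the CSR must be the one derived from this key.
    csr_pub=$(openssl req -in "$2" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1" -pubout)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ] \
        || { echo "key mismatch"; return 1; }
    # 3. The Common Name must be the domain you intend to secure.
    openssl req -in "$2" -noout -subject -nameopt RFC2253 | grep -qF "CN=$3" \
        || { echo "unexpected common name"; return 1; }
    # 4. The file you send to the CA must hold no private key material.
    if grep -q 'PRIVATE KEY' "$2"; then echo "private key in CSR file"; return 1; fi
    echo "ok"
}
```

Calling make_csr private.key yourdomain.csr www.example.com and then check_csr with the same three arguments prints ok when the CSR is safe to submit; any other message names the check that failed.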
Common CSR Tools and Methods
In addition to using OpenSSL, you can also create CSRs using other tools and methods, depending on the platform you’re using:
1. Using cPanel (Web Hosting Control Panel)
If your website is hosted with a provider that uses cPanel, you can create a CSR directly in the control panel:
- Log in to your cPanel account.
- Navigate to the Security section and click on SSL/TLS.
- Under Certificate Signing Requests (CSR), click Generate, view, or delete SSL certificate signing requests.
- Fill out the CSR form with the required information (similar to what you enter in OpenSSL).
- Click Generate. The CSR will be displayed, and you can copy it to submit to your CA.
2. Using IIS (Windows Server)
If you’re managing a website on a Windows Server using IIS, you can create a CSR using the IIS Manager:
- Open IIS Manager on your server.
- Select your server from the Connections panel.
- Double-click on Server Certificates in the IIS section.
- In the Actions panel, click Create Certificate Request.
- Fill out the CSR details and click Next.
- Choose the cryptographic provider and bit length (usually 2048).
- Save the CSR to a file and submit it to the CA.
Conclusion
A Certificate Signing Request (CSR) is a critical part of the SSL certificate process, enabling you to request a certificate from a Certificate Authority. It contains important information about your organization and the domain you want to secure. By generating a CSR using tools like OpenSSL, cPanel, or IIS, you can obtain an SSL certificate that will protect your website and enable secure communication between the server and its visitors.
Remember to keep your private key secure and follow the CA’s instructions to complete the SSL certificate installation. With a properly configured SSL certificate, you’ll ensure that your website remains secure and trustworthy for users.