hash — OpenSSL computes a SHA-1 hash of the SubjectPublicKeyInfo. Enables key-based chain building by CAs and path validation.Add OIDs for SPDM, DICE, TPM 2.0, ETSI, or any profile-specific extension. Written into [v3_req] in the downloaded .cnf.
Fill in your certificate details on the left and click Generate CSR + Private Key. Everything runs in your browser — nothing is sent to any server.
Frequently Asked Questions
Everything you need to know about generating and using your CSR.
How to generate a CSR using EC's CSR Generator tool?
Generating a CSR has never been easier. Simply open the CSR Generator tool and follow three straightforward steps.
Choose the profile that matches your requirements — whether that's an industry standard like NIST SP 800-57, CA/B Forum, FIPS 140-3, or a fully Custom profile based on your organization's own security policy.
Enter your domain name (Common Name), Organization, Department, City, State, Country, and optionally Subject Alternative Names (SANs) if the certificate needs to cover multiple domains. Choose your Key Type (RSA, ECC), ECC Curve, and Signature Hash algorithm.
If your use case requires it, toggle on extensions such as keyUsage, extendedKeyUsage, basicConstraints, or custom OID extensions.
Once everything is filled in, click "Generate CSR + Private Key" and the tool instantly produces your Certificate Signing Request and private key in .pem format.
What to do once you get the CSR and Private Key?
Once the tool generates your CSR and Private Key, here is what you do with each.
Such as Microsoft CA. The CA will verify the CSR and issue your signed digital certificate.
Install it on your server alongside the signed certificate once the CA has processed your request.
Keep it in a hardware-based module and never share it with anyone. It cannot be recovered once lost.
Please Note: Encryption Consulting LLC does not possess or store any information entered or generated here. The user is solely responsible for securing and managing their private key.
What is the use of the openssl.cnf file?
The openssl.cnf file is the configuration file that OpenSSL uses behind the scenes to generate your CSR. Normally you would have to write this file yourself, defining all your certificate fields, extensions, key usage flags, OIDs, and SANs in the correct format. The CSR Generator builds it automatically based on the details you provide.
See exactly what parameters were used to generate your CSR.
If you need to regenerate the same CSR or automate the process in a pipeline, use this file directly with the OpenSSL command the tool also provides.
Security teams can review the openssl.cnf to verify that the certificate was generated according to the organization's cryptographic policy and standards.