Cybersecurity Frameworks

Key Management Interoperability Protocol

What is the Certificate Signing Request (CSR)?

Certificate Signing Request

A Certificate Signing Request (CSR) is a block of encoded texts forwarded to a Certificate Authority (CA) when users apply for a certificate, such as an SSL/TLS certificate. CSR is created on the server where the certificate will be installed.  CSR includes information such as domain name, organization name, locality, and country. The request also contains the public key, which will be associated with the certificate generated, and the same server also generates the private key. When developing the certificate, CA would only use the public key, and the private key should be saved and kept secret, as the private key is the key pair of the public key, and the certificate would not work if we lose the private key.

A CSR contains:

  • Domain Name

    Fully qualified domain name (FQDN) of the server, such as

  • Organization Name

    Legal name of the organization such as ‘Encryption Consulting LLC.’

  • Organization Unit

    Division of the organization, such as IT Department, or Marketing.

  • City/Locality

    City, where the organization is located, such as Prosper.

  • State/County/Region

    such as Texas

  • Country

    such as the US

  • Email address

    Email address to contact the organization, such as

  • Public Key

    The public key which will be associated with the certificate.

Let's talk