What is the Certificate Signing Request (CSR)?
A Certificate Signing Request (CSR) is a block of encoded texts forwarded to a Certificate Authority (CA) when users apply for a certificate, such as an SSL/TLS certificate. CSR is created on the server where the certificate will be installed. CSR includes information such as domain name, organization name, locality, and country. The request also contains the public key, which will be associated with the certificate generated, and the same server also generates the private key. When developing the certificate, CA would only use the public key, and the private key should be saved and kept secret, as the private key is the key pair of the public key, and the certificate would not work if we lose the private key.
A CSR contains:
-
Domain Name
Fully qualified domain name (FQDN) of the server, such as encryptionconsulting.com.
-
Organization Name
Legal name of the organization such as ‘Encryption Consulting LLC.’
-
Organization Unit
Division of the organization, such as IT Department, or Marketing.
-
City/Locality
City, where the organization is located, such as Prosper.
-
State/County/Region
such as Texas
-
Country
such as the US
-
Email address
Email address to contact the organization, such as info@encryptionconsulting.com
-
Public Key
The public key which will be associated with the certificate.