A Certificate Signing Request (CSR) is a block of encoded texts forwarded to a Certificate Authority (CA) when users apply for a certificate, such as an SSL/TLS certificate. CSR is created on the server where the certificate will be installed. CSR includes information such as domain name, organization name, locality, and country. The request also contains the public key, which will be associated with the certificate generated, and the same server also generates the private key. When developing the certificate, CA would only use the public key, and the private key should be saved and kept secret, as the private key is the key pair of the public key, and the certificate would not work if we lose the private key.
A CSR contains:
- Domain Name: Fully qualified domain name (FQDN) of the server, such as encryptionconsulting.com.
- Organization Name: Legal name of the organization such as ‘Encryption Consulting LLC.’
- Organization Unit: Division of the organization, such as IT Department, or Marketing.
- City/Locality: City, where the organization is located, such as Prosper.
- State/County/Region: such as Texas
- Country: such as the US
- Email address: Email address to contact the organization, such as email@example.com
- Public Key: The public key which will be associated with the certificate.