Public Key Infrastructure

Digital Key Management

Digital Certificates

TLS/SSL Certificates

Certificate Management

Certificate Authority

Certificate Scanning

Encryption Standards, Regulations, and Algorithms

Certificate Request

Chain of Trust

Certificate Provisioning

Certificate Renewal and Revocation

Buying a Certificate from CA

PKI for IoT

What is CSR

CSR (Certificate Signing Request) is the message that’s sent to the CA in order to get a digital certificate created. A CSR is often generated on the same server on which the certificate is to be installed. Before creating a CSR, the applicant must first generate a public-private key pair. The public key is included in the CSR and is used by the CA to create the certificate while the private key (to be kept private again) is used to sign the information contained in the CSR. Apart from the public key, the CSR may have the following information on it:

InformationDescriptionSample
Common Name (CN)This is the fully qualified domain name (FQDN) of the device to be secured.www.example.com
*.example.com
mail.exapmle.com
Business Name/Organization (O)The legal incorporated name of the organization. The name shouldn’t be abbreviated, and it should include suffixes like .Ltd, .Inc.AppViewX, Inc.
Department Name/Organizational Unit (OU)The department in your organization handling the certificate.IT, Finance
City/Locality (L)The city/town your organization is located in.New York City
Province, Region, County, or State (S)This should not be abbreviatedNew York
Country (C)The two-letter ISO code of your countryUS
Email Address (MAIL)The primary point of contact in your organization for certificate-related operations, usually the IT department

A CSR is usually represented as a Base64 encoded PKCS(Public Key Cryptography Standard)#10. Here’s a sample of what a CSR looks like:

—–BEGIN CERTIFICATE REQUEST—–
MIICzDCCAbQCAQAwgYYxCzAJBgNVBAYTAkVOMQ0wCwYDVQQIDARub25lMQ0wCwYDVQQHDARub25lMRIwEAYDVQQKDAlXaWtpcGVkaWExDTALBgNVBAsMBG5vbmUxGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP/U8RlcCD6E8ALPT8LLUR9ygyygPCaSmIEC8zXGJung3ykElXFRz/Jc/bu0hxCxi2YDz5IjxBBOpB/kieG83HsSmZZtR+drZIQ6vOsr/ucvpnB9z4XzKuabNGZ5ZiTSQ9L7Mx8FzvUTq5y/ArIuM+FBeuno/IV8zvwAe/VRa8i0QjFXT9vBBp35aeatdnJ2ds50yKCsHHcjvtr9/8zPVqqmhl2XFS3Qdqlsprzbgksom67OobJGjaV+fNHNQ0o/rzP//Pl3i7vvaEG7Ff8tQhEwR9nJUR1T6Z7ln7S6cOr23YozgWVkEJ/dSr6LAopb+cZ88FzW5NszU6i57HhA7ECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQBn8OCVOIx+n0AS6WbEmYDRSspR9xOCoOwYfamB+2Bpmt82R01zJ/kaqzUtZUjaGvQvAaz5lUwoMdaO0X7I5XflsllMFDaYoGD4Rru4s8gz2qG/QHWA8uPXzJVAj6X0olbIdLTEqTKsnBj4Zr1AJCNy/YcG4ouLJr140o26MhwBpoCRpPjAgdYMH60BYfnc4/DILxMVqR9xqK1s98d6Ob/+3wHFK+S7BRWrJQXcM8veAexXuk9lHQ+FgGfD0eSYGz0kyP26Qa2pLTwumjt+nBPlrfJxaLHwTQ/1988G0H35ED0f9Md5fzoKi5evU1wG5WRxdEUPyt3QUXxdQ69i0C+7
—–END CERTIFICATE REQUEST—–

*from Wikipedia

Related Articles:   What are the Steps Involved in Verification?