A CSR (Certificate Signing Request) is the message sent to the CA in order to get a digital certificate created. A CSR is often generated on the same server on which the certificate is to be installed. Before creating a CSR, the applicant must first generate a public-private key pair.
The public key is included in the CSR and is used by the CA to create the certificate, while the private key, which must be kept private, is used to sign the information contained in the CSR. Apart from the public key, the CSR may contain the following information:
Information | Description | Sample |
---|---|---|
Common Name (CN) | The fully qualified domain name (FQDN) of the device to be secured. | www.example.com, *.example.com, mail.example.com |
Business Name/Organization (O) | The legal incorporated name of the organization. The name shouldn’t be abbreviated, and it should include suffixes like Ltd. and Inc. | AppViewX, Inc. |
Department Name/Organizational Unit (OU) | The department in your organization handling the certificate. | IT, Finance |
City/Locality (L) | The city/town your organization is located in. | New York City |
Province, Region, County, or State (S) | This should not be abbreviated. | New York |
Country (C) | The two-letter ISO code of your country. | US |
Email Address (MAIL) | The primary point of contact in your organization for certificate-related operations, usually the IT department. | |
A CSR is usually represented as a Base64-encoded PKCS #10 (Public Key Cryptography Standards #10) structure. Here’s a sample of what a CSR looks like:
-----BEGIN CERTIFICATE REQUEST-----
MIICzDCCAbQCAQAwgYYxCzAJBgNVBAYTAkVOMQ0wCwYDVQQIDARub25lMQ0wCwYDVQQHDARub25lMRIwEAYDVQQKDAlXaWtpcGVkaWExDTALBgNVBAsMBG5vbmUxGDAWBgNVBAMMDyoud2lraXBlZGlhLm9yZzEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMP/U8RlcCD6E8ALPT8LLUR9ygyygPCaSmIEC8zXGJung3ykElXFRz/Jc/bu0hxCxi2YDz5IjxBBOpB/kieG83HsSmZZtR+drZIQ6vOsr/ucvpnB9z4XzKuabNGZ5ZiTSQ9L7Mx8FzvUTq5y/ArIuM+FBeuno/IV8zvwAe/VRa8i0QjFXT9vBBp35aeatdnJ2ds50yKCsHHcjvtr9/8zPVqqmhl2XFS3Qdqlsprzbgksom67OobJGjaV+fNHNQ0o/rzP//Pl3i7vvaEG7Ff8tQhEwR9nJUR1T6Z7ln7S6cOr23YozgWVkEJ/dSr6LAopb+cZ88FzW5NszU6i57HhA7ECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQBn8OCVOIx+n0AS6WbEmYDRSspR9xOCoOwYfamB+2Bpmt82R01zJ/kaqzUtZUjaGvQvAaz5lUwoMdaO0X7I5XflsllMFDaYoGD4Rru4s8gz2qG/QHWA8uPXzJVAj6X0olbIdLTEqTKsnBj4Zr1AJCNy/YcG4ouLJr140o26MhwBpoCRpPjAgdYMH60BYfnc4/DILxMVqR9xqK1s98d6Ob/+3wHFK+S7BRWrJQXcM8veAexXuk9lHQ+FgGfD0eSYGz0kyP26Qa2pLTwumjt+nBPlrfJxaLHwTQ/1988G0H35ED0f9Md5fzoKi5evU1wG5WRxdEUPyt3QUXxdQ69i0C+7
-----END CERTIFICATE REQUEST-----
*from Wikipedia
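The steps described above (generate the key pair, build the CSR, sign it with the private key) can be carried out with the OpenSSL command line. This is an added example, not part of the original page; the file names `server.key` and `server.csr` and the function names are assumptions, and the subject values are the samples from the table.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). File and function names are
# assumptions; subject values are the sample values from the table.

# Generate the key pair first, then build the CSR and sign it with that key.
make_csr() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/server.key" 2>/dev/null
    chmod 600 "$1/server.key"   # the private key stays on this host
    # OpenSSL names the state/province attribute ST (the table calls it S).
    openssl req -new -sha256 -key "$1/server.key" -out "$1/server.csr" \
        -subj "/C=US/ST=New York/L=New York City/O=AppViewX, Inc./OU=IT/CN=www.example.com"
}

# Print the subject fields carried in the CSR (RFC 2253 form).
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# Check the CSR's self-signature: it only verifies if the request was signed
# by the private key matching the public key embedded in the request.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Confirm the public key inside the CSR is the one derived from our private key.
csr_matches_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

workdir=$(mktemp -d)
make_csr "$workdir"
csr_subject "$workdir/server.csr"
csr_signature_ok "$workdir/server.csr" && echo "self-signature: OK"
csr_matches_key "$workdir/server.csr" "$workdir/server.key" \
    && echo "CSR public key matches server.key"
```

Only `server.csr` is sent to the CA; it contains the public key and the signed subject information, never the private key.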