![A Look at 30 Key Cyber Crime Statistics [2023 Data Update]](https://www.thesslstore.com/blog/wp-content/uploads/2022/02/cyber-crime-statistics-feature2-75x94.jpg)
(No Ratings Yet)
Loading...What is a CSR? Here’s everything you need to know
– – – – -BEGIN NEW CERTIFICATE REQUEST- – – – –
The Certificate Signing Request (CSR) is the first step in an SSL certificate’s life cycle – it is the egg from which a certificate hatches. It is also a file that many users are unfamiliar with, which can immediately make you feel confused or lost on your journey to getting an SSL certificate.
Here is a quick explanation of what a CSR is and the role it serves for those getting an introduction (or refresher) to SSL.
What is a CSR?
A Certificate Signing Request is a file that contains information a Certificate Authority (or CA, the companies who issue SSL certificates) need to create your SSL certificate. The purpose of the CSR is to have a standardized method for providing this information to CAs.
A CSR is quite literally a request to have a certificate created and digitally signed by a CA.
There are three important parts to a CSR:
- Your public key.
- The fully-qualified domain name(s) you want your certificate to be used with.
- Other information about you and your organization/website (including the legally registered name and the city/state/country where its registered).
Let’s break those parts down. The public key is an encryption key – one-half of the “key pair” that is used with SSL certificates. This is used to encrypt the data sent to your server. When you create a CSR you also create this key pair at the same time. The public key is included in the CSR and the SSL certificate you receive, allowing users connecting to your site to transfer data securely.
The other half of the key pair is the private key. Note that while this is also created at the same time as the CSR, it is not a part of the CSR. The private key is a separate file (usually in the .key format). The private key is used to decrypt the data that the public key encrypted. As the name suggests, you keep this key to yourself and do not send it to your CA or anyone else. You will need the private key later in the process when you install your SSL certificate.
The fully-qualified domain name(s), or FQDNs, are the hostname(s) where you will use your certificate. The FQDN should consist of the subdomain and parent domain, such as “www.example.com” or “mail.example.co.uk.” Do not include the scheme (“http://”).
Some SSL certificates allow you to secure multiple FQDNs with one certificate – usually marketed as “SAN certificates” or “multi-domain certificates.” For many providers, you will still include just one FQDN in your CSR and will specify the rest later in their order form.
The final piece of the CSR is “subscriber information” – an email address, legally registered business name, and location. This information may be included in your certificate if you purchased an “OV” or “EV” certificate, which validates your website is operated by a registered company/organization. However, not all certificates include this information and if it does not apply to you, you can leave it blank. Many providers also allow you to update this information later if it is incorrect.
Those three pieces are wrapped up and encoded, usually in the “PEM” format. Here is an example of what a CSR looks like:
—–BEGIN CERTIFICATE REQUEST—–
MIIDFzCCAf8CAQAwgagxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRcw
FQYDVQQHEw5TdC4gUGV0ZXJzYnVyZzEUMBIGA1UEChMLRXhhbXBsZSBJbmMxFjAU
BgNVBAsTDVVTIE9wZXJhdGlvbnMxGDAWBgNVBAMTD3d3dy5leGFtcGxlLmNvbTEm
MCQGCSqGSIb3DQEJARYXZXhhbXBsZUB0aGVzc2xzdG9yZS5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgMpvQgGEMWy7jozVf+tiCDmWmuHlW0zhL
OtLgBOOsgsv1c2i37/zgbcN4OyJHKEmftoYQiCwZ7wVh2UA9bBlwl4/Bsr1uNXhr
i5qlT2MXP5isKQkinr0W+cysjhi1wYJo+KohmZMUEHDYMRATG6lMXLnukK1cduNw
Jb81Cc6CPgrkDK/zfBe8hvmfj92NS9uwhQiHp2lIVHx+cf2RbHDTmPzdeSgLQ79s
H1Pgj26+PbJ5havtidd/LrfMVRLArI/PrJf2msoNHqVifEnjEk7eDeuB0O7k2bEh
eluiTmK9+1Ofh70NFyKYRV0dEAs3t6vjIG2WUYjC5+sWeZDPSJaNAgMBAAGgKTAn
BgkqhkiG9w0BCQ4xGjAYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3
DQEBCwUAA4IBAQAk+3055XmnjaE0bicZPERagpq1897WvFPSx71kU498J1lBdYbz
rZa/e/5tc+uqmX6XVEMoGoj69fPF+khgG0vPWdTH0q13lSV/KyKL5qOR9M3/9LXH
MG+F4YgTj1QHFVsnQ4gXH91PD7C4fqVV310ETW1qa91QVZu+AD0TWSdD2C9bN7lr
aUw7n605LVhZXcQSh4die7IYVhp3uiHsQvHIJj+NnH18FefxhcVmtLoVWvu0uilj
qIfg/hgJwDPMi4n49GkhdSqwYc//2yQOiMRCEDPLSyGbiARnWA/l0F+8VzrUtYc3
ltpinEz8C9QddgW2KjcA3NPSQotiXh0D8Tk0
—–END CERTIFICATE REQUEST—–
Where does a CSR come from?
Well, when two SSL Certificates love each other very much, they… just kidding. Typically, the CSR is created by you on your web server. Every web server OS handles this process differently. On Windows/IIS, cPanel, and Plesk, there is a guided wizard. On NGINX/Apache, you use the command line.
In some cases, you will not be able to create a CSR yourself. This is most common when you use “shared” web hosting from providers like GoDaddy or HostGator. In this situation, you usually fill out of form to ask for a CSR.
Once you have created your CSR, you will paste/upload it into the order form on your SSL provider’s website. They will use the information in your CSR to create a certificate for you and send it back (after you have completed the validation process which, depending on the type of certificate you purchased, can take a few minutes or a few days).
While you won’t need to use your CSR again in the process of receiving your SSL certificate, it will be the most convenient to save it. If you ever need to re-issue your certificate you will need a CSR to restart the process. However you can always create a new CSR, so don’t fret if you lose it.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown