When someone applies for a SSL certificate, they usually require Certificate Signing Request (CSR). Without this CSR, no certificate authority will issue a SSL certificate to the applicant. Let us get to know the CSR in detail, in this post.
What Is A Certificate Signing Request (CSR)?
Certificate Signing Request (CSR) is basically set of some public information which SSL applicant gives to a SSL issuing authority. The purpose of CSR is to provide information such as public key for which certificate will be issued, along with domain name and identity protection.
Screenshot: CSR required while applying for a GeoTrust SSL certificate.
With CSR, the applicant generates private (secret) and public keys. The main work of the CSR to get the identity information for the applicant and issue a SSL certificate on its behalf. SSL certificate issuer may contact applicant for information validation before issuing a SSL certificate.
Following is the information one needs while generating a typical CSR. The distinguished name terminology is often used with SSL certificates, which is also mentioned here.
| Information | Description | Example | DN |
|---|---|---|---|
| Common Name | This should contain the fully qualified domain name (FQDN) for which you want to get a SSL certificate issued. | *.technoyl.com | CN |
| Organization | This is company name for which SSL certificate is being issued. The company name may have suffix such as Inc., LLC, Ltd., Corp. etc. | Technoyl Inc. | O |
| Organizational Unit | This could be the specific department of the above organization to which SSL certificate to be issued. | OU | |
| City | City of the SSL applicant. | Mumbai | L |
| County | This is the state, province of the SSL applicant. | Maharashtra | ST |
| Country | The country information for the SSL applicant. It is two-letter ISO code. | IN | C |
| Email address | The SSL applicant’s or the certificate manager or IT administrator’s email information is required in this field. |