JSONToTable
Loading CSR Generator...
Please wait a moment

How to Generate a CSR - Step by Step Guide

Step 1

Enter Your Certificate Information

Fill in your organization and domain details. The Common Name (CN) is required and should be your fully qualified domain name (FQDN):

Common Name (CN): Your primary domain name (e.g., example.com, www.example.com)
Organization (O): Your company or organization legal name
Organizational Unit (OU): Department name (e.g., IT Department, Engineering)
Location Details: City, State/Province, and 2-letter Country code
Subject Alternative Names (SAN): Additional domains to be covered by the certificate

Example: Certificate Information

Common Name: example.com
Organization: Example Inc
Organizational Unit: IT Department
City: San Francisco
State: California
Country: US
SANs: www.example.com, api.example.com, mail.example.com
Step 2

Configure Key Settings

Choose your cryptographic key type and size. The tool supports both RSA and ECDSA (Elliptic Curve) keys:

RSA Keys: Traditional and widely supported. Choose 2048-bit (standard) or 4096-bit (extra security)
ECDSA Keys: Modern elliptic curve cryptography. Smaller keys with equivalent security (P-256, P-384, P-521)
Recommendation: RSA 2048-bit or ECDSA P-256 provide excellent security for most use cases

Key Type Comparison

Key TypeKey SizeSecurity LevelPerformance
RSA2048 bits✓ StandardGood
RSA4096 bits✓ HighSlower
ECDSAP-256✓ StandardExcellent
ECDSAP-384✓ HighVery Good
Step 3

Generate Your CSR and Keys

Click "Generate CSR" to create your certificate signing request along with the cryptographic key pair:

Instant generation: CSR and keys are created in seconds using your browser's cryptography
Client-side processing: Everything is generated in your browser - nothing sent to our servers
Three outputs: You'll receive the CSR, Private Key, and Public Key in PEM format

Example: Generated CSR

Your CSR will look like this (PEM format):

-----BEGIN CERTIFICATE REQUEST-----
MIICwzCCAasCAQAwfjEUMBIGA1UEAxMLZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQw
EgYDVQQKEwtFeGFtcGxlIEluYzEWMBQGA1UECxMNSVQgRGVwYXJ0bWVudDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPOllsQL5vlhPBN7TCzsza7idwqJ
+hCkHNj0fyO8PwLQu4+23LPS7N2aBZYjN1uBS/Gn55aJwDq0KY0p45TnVNtzDuVE
...
-----END CERTIFICATE REQUEST-----
Step 4

Download and Secure Your Keys

Save your generated files securely. The private key is especially important:

Download CSR: Save the CSR file to submit to your Certificate Authority
Secure Private Key: Store the private key in a safe location. Never share it or upload it anywhere
Keep Public Key: The public key can be shared freely and is embedded in the CSR
Copy or Download: Use the copy buttons for quick copying or download buttons to save as files
⚠️
Security Warning:

Your private key is the secret that proves ownership of your certificate. Never share it, commit it to version control, or upload it to any website. Store it in a secure location with restricted access. You'll need it to install your SSL/TLS certificate once it's issued by the Certificate Authority.

Step 5

Submit CSR to Certificate Authority

Take your generated CSR to a Certificate Authority (CA) to get your SSL/TLS certificate issued:

Popular CAs: Let's Encrypt, ZeroSSL, DigiCert, Sectigo offer SSL certificates
Commercial CAs: DigiCert, Sectigo, GlobalSign offer validated certificates with warranties
Domain Validation: You'll need to prove you own the domain (DNS, email, or HTTP validation)
Certificate Issuance: Once validated, the CA will issue your signed certificate

Frequently Asked Questions

What is a CSR (Certificate Signing Request)?

A CSR is an encoded message sent to a Certificate Authority (CA) to apply for an SSL/TLS certificate following PKCS#10 standard. It contains your public key and information about your organization and domain. The CA uses the CSR to create your certificate while you keep the private key secure.

Is it safe to generate a CSR online?

Yes! Our CSR generator runs entirely in your browser using the Web Crypto API. Your private key never leaves your computer and is not sent to any server. However, always download and secure your private key immediately after generation following NIST key management guidelines.

Should I use RSA or ECDSA keys?

Both are secure. RSA is more widely supported and traditional. ECDSA offers equivalent security with smaller key sizes and better performance. For most use cases, RSA 2048-bit or ECDSA P-256 are excellent choices. Check with your Certificate Authority for their recommendations.

What are Subject Alternative Names (SANs)?

SANs allow one certificate to cover multiple domain names. For example, a certificate with SANs can protect example.com, www.example.com, and api.example.com. This is more convenient and cost-effective than having separate certificates for each domain.

What do I do after generating the CSR?

1) Download and securely store your private key. 2) Submit the CSR to your chosen Certificate Authority like Let's Encrypt, DigiCert, or Sectigo. 3) Complete domain validation as required by the CA. 4) Receive your signed certificate. 5) Install the certificate on your server along with the private key you generated.

Can I regenerate a CSR if I lose my private key?

If you lose your private key, you must generate a new CSR with a new key pair. The CSR and certificate are cryptographically linked to the private key. Without the private key, your certificate cannot function. Always keep secure backups of your private keys.

What file format is the generated CSR?

The CSR is generated in PEM (Privacy Enhanced Mail) format, which is the standard format expected by most Certificate Authorities. It's a Base64-encoded format with BEGIN and END markers. The private and public keys are also in PEM format.

How long does the CSR generation take?

CSR generation typically takes just a few seconds. RSA 2048-bit keys generate almost instantly. Larger keys (RSA 4096-bit) may take a few seconds longer. The process happens entirely in your browser using modern cryptographic APIs.

Related Tools

SSL Checker

Check SSL certificates on live websites - view validity, expiration dates, issuer details, and security status instantly

SSL Certificate Converter

Convert SSL certificates between formats: PEM (text), DER (hex), CRT (PEM file), CER (DER file) with auto-detection

SSL Certificate Decoder

Parse and view SSL/TLS certificate details including subject, issuer, validity, public key, extensions, and fingerprints

CSR Decoder

Decode and verify Certificate Signing Requests (CSR) to view subject, public key, and signature details before submission

Self-Signed Certificate Generator

Generate self-signed SSL certificates for testing and development environments with RSA or ECDSA keys

SSL Certificate Chain Validator

Validate SSL certificate chains, verify certificate order, and check trust paths