Home Blog What is a CSR?
Technical Guide

What is a CSR (Certificate Signing Request)? A Beginner's Guide

📅 January 10, 2026  •  ⏱️ 5 min read

If you have ever purchased an SSL certificate, you have likely hit a roadblock immediately after checkout where the system asks you to "Paste your CSR here." If you are new to web hosting, this can be confusing.

A CSR (Certificate Signing Request) is a block of encoded text that serves as an application form for your SSL certificate. It contains all the necessary information about your organization and your domain name that the Certificate Authority (CA) needs to vouch for you.

What Information is Inside a CSR?

When you generate a CSR on your server, you are asked a series of questions. The answers are embedded into the code. These fields typically include:

  • Common Name (CN): The fully qualified domain name you want to secure (e.g., www.google.com or *.example.com).
  • Organization (O): The legal name of your company.
  • Organizational Unit (OU): The department handling the certificate (e.g., "IT Support").
  • City/Locality (L): The full name of your city.
  • State/Province (ST): The full name of your state.
  • Country (C): The two-letter ISO code for your country (e.g., US, UK, IN).

The Hidden Partner: The Private Key

This is the most critical part of the process. When you create a CSR, your server actually creates a pair of keys:

  1. The Public Key: This is included inside the CSR and will eventually be part of your SSL certificate.
  2. The Private Key: This remains secretly on your server and is never shared.

Think of it like a lock and key. The CSR tells the world "Here is the lock I want to use (Public Key)." The Certificate Authority stamps that lock with their seal of approval. But that stamped lock is useless if you lose the key (Private Key) that opens it.

Warning: If you lose your Private Key or delete it after generating the CSR, your SSL certificate will not work. You will have to start over and issue a new one.

How Do I Create a CSR?

You can generate a CSR in several ways depending on your server environment:

  • cPanel/Plesk: Most hosting control panels have an "SSL/TLS" section with a "Generate CSR" button.
  • Command Line (OpenSSL): System, administrators often use the command openssl req -new -newkey rsa:2048...
  • Online Tools: You can use browser-based generators to create the codes without needing complex commands.

Common Mistakes to Avoid

We analyze thousands of CSRs, and these are the most common errors we see:

  • Wrong Common Name: Entering example.com when you need www.example.com (or vice versa), or forgetting the asterisk for wildcard certs.
  • Using Invalid Characters: Fields should generally contain only alphanumeric characters. Special symbols like <,>, ?, or @ can sometimes cause parsing errors.
  • Incorrect Country Code: Using the full country name ("United States") instead of the 2-letter code ("US").

Conclusion

The Certificate Signing Request is the bridge between your server and the security provider. While it looks like gibberish text, it carries the verified identity of your digital presence. Always ensure you double-check the details inside it before submitting, as mistakes often require re-issuance.

Need to check or generate a CSR?

Use our free tools to easily create a new CSR or decode an existing one to spot errors.

Generate CSR Decode CSR