Introduction to CSR Generation
A Certificate Signing Request (CSR) is the first step in obtaining an SSL certificate. The CSR contains your domain name, organization information, and a public key that will be used in your certificate. Understanding how SSL works helps you make informed decisions during this process.
My-SSL provides a free CSR Generator tool that makes this process simple and secure. Your private key is generated locally in your browser and never transmitted to any server. This is part of the broader PKI (Public Key Infrastructure) system that secures internet communications.
Step 1: Common Name (Domain)
The Common Name (CN) is the most important field in your CSR. It specifies which domain your SSL certificate will protect.
What to Enter
- Single domain: Enter your fully qualified domain name (e.g.,
www.example.com) - Wildcard certificate: Enter
*.example.comto protect all subdomains - Multiple domains: You can add additional domains as Subject Alternative Names (SANs)
Important: Make sure to enter the exact domain you want to protect. The certificate will only work for the domain(s) specified.
Step 2: Organization Details
For Domain Validation (DV) certificates, organization details are optional since DV only verifies domain ownership.
For Organization Validation (OV) and Extended Validation (EV) certificates, you must provide accurate organization information:
- Organization Name: Your legal business name as registered
- Organizational Unit: Department (e.g., "IT Department", "Web Security")
- City/Locality: City where your organization is located
- State/Province: Full state or province name
- Country: Two-letter country code (e.g., US, GB, DE)
Note: For OV and EV certificates, all organization details will be verified by the Certificate Authority and must match your official business registration.
Step 3: Key Size
The key size determines the cryptographic strength of your SSL certificate.
Recommended Options
| Key Size | Security Level | Compatibility |
|---|---|---|
| 2048-bit | Standard security, recommended | Universal compatibility |
| 4096-bit | Maximum security | Good compatibility, slightly slower |
Recommendation: Use 2048-bit for most websites. Choose 4096-bit for high-security applications like banking or healthcare.
Step 4: Subject Alternative Names (SAN)
Subject Alternative Names allow you to include multiple domain names in a single certificate.
Common Use Cases
- Protect both
example.comandwww.example.com - Secure multiple subdomains with one certificate
- Include different domain names for the same website
Step 5: Generate CSR and Private Key
Once you've filled in all the required information, click "Generate CSR" to create your CSR and private key.
Important: Save Your Private Key
Your private key is generated locally and is not stored anywhere. You must save it immediately!
- Download both the CSR and Private Key files
- Store the private key securely - you'll need it during installation
- Never share your private key with anyone
- If you lose the private key, you'll need to generate a new CSR and reissue the certificate
What You'll Receive
- CSR File: Submit this to the Certificate Authority when ordering your SSL certificate
- Private Key: Keep this secure for installing your certificate on the server
Next Steps
After generating your CSR:
- Order your SSL certificate: Visit our SSL Certificates page
- Submit the CSR: Paste the CSR during the order process
- Complete validation: Verify domain ownership via email, DNS, or file
- Install the certificate: Use your private key and certificate files
For the next step, see our SSL Certificate Configuration Guide.
Frequently Asked Questions
What is a CSR used for?
A CSR is used to apply for an SSL certificate from a Certificate Authority. It contains your domain information and public key, which are encoded into the certificate.
How long is a CSR valid?
CSRs don't expire, but it's best practice to generate a new CSR for each certificate to ensure fresh key pairs.
Can I reuse a CSR for renewal?
While technically possible, we recommend generating a new CSR for each certificate renewal for better security.
What if I lose my private key?
If you lose your private key, you cannot install the certificate. You'll need to generate a new CSR and request the certificate to be reissued.
Is the CSR Generator secure?
Yes, the CSR and private key are generated entirely in your browser. Nothing is sent to any server, ensuring complete security.
Ready to Get Your SSL Certificate?
Now that you've generated your CSR, order your SSL certificate and secure your website.
SSL Certificates
Starting at From $2.99/year/year
- Domain Validation (DV)
- Organization Validation (OV)
- Extended Validation (EV)
- Wildcard & Multi-Domain
Related Articles
SSL Certificate Configuration
Configure and issue your SSL certificate
Certificate Management Guide
Manage, reissue, and renew your certificates
Complete Guide to Free SSL Certificate Tools
Master all 7 essential SSL tools
After CSR: Installation Guides
Sources & References
Official documentation and industry standards cited in this article
- RFC 2986 - PKCS #10: Certification Request SyntaxIETF·RFC·Accessed January 2026
- RFC 5280 - X.509 PKI Certificate ProfileIETF·RFC·Accessed January 2026
- CA/Browser Forum Baseline RequirementsCA/Browser Forum·Standard·Accessed January 2026