Definition

CSR (Certificate Signing Request)

A Certificate Signing Request or CSR is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). The CSR validates the information the CA requires to issue a certificate.

In a public key infrastructure (PKI) system, which enables secure data sharing among validated parties on the Internet, a CSR must be created before ordering and purchasing an SSL certificate. Applicants must first generate a key pair -- a private key which will be used to decrypt ciphertext and create digital signatures, and a public key to encrypt plaintext and verify digital certificates. Note that both the key pair and CSR must be created on the server on which the SSL certificate will be used; this is imperative to ensure the integrity of the key pair and PKI in general.

After the key pair is prepared, the CSR can be generated. Upon collecting all the necessary CSR data (see Table 1), the CA will use this data to build the certificate. How a CSR is generated depends on the webserver software used. Once the CSR is generated, it can be submitted to the CA. If the request is successfully validated, the CA will issue the SSL certificate.

Table 1

Information

Description

Example

Common Name

The fully qualified domain name (FQDN) of your server.

www.mycompany.com,

mail.mycompany.com *

Business name/Organization

The legal name of your organization.

My Company, Inc., My Company, Corp.

Department/organization name

The division of your organization handling the certificate

IT, Finance

City/town

The city where your organization is located

Boston, London

State/county/region

The state/county/region where your organization is located (do not abbreviate)

Massachusetts, Worcestershire

Country

The two-letter ISO code of where your organization is located

US, GR

Email address

An email address to contact your organization

admin@mycompany.com, certificates@mycompany.com

*When generating a CSR for a wildcard certificate, the common name should start with an * (e.g., *.mycompany.com)

Contributor(s): Sharon Shea
This was last updated in November 2013
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: