Definition

CSR (Certificate Signing Request)

Contributor(s): Sharon Shea

A Certificate Signing Request or CSR is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). The CSR validates the information the CA requires to issue a certificate.

In a public key infrastructure (PKI) system, which enables secure data sharing among validated parties on the Internet, a CSR must be created before ordering and purchasing an SSL certificate. Applicants must first generate a key pair -- a private key which will be used to decrypt ciphertext and create digital signatures, and a public key to encrypt plaintext and verify digital certificates. Note that both the key pair and CSR must be created on the server on which the SSL certificate will be used; this is imperative to ensure the integrity of the key pair and PKI in general.

After the key pair is prepared, the CSR can be generated. Upon collecting all the necessary CSR data (see Table 1), the CA will use this data to build the certificate. How a CSR is generated depends on the webserver software used. Once the CSR is generated, it can be submitted to the CA. If the request is successfully validated, the CA will issue the SSL certificate.

Table 1

Information	Description	Example
Common Name	The fully qualified domain name (FQDN) of your server.	www.mycompany.com, mail.mycompany.com *
Business name/Organization	The legal name of your organization.	My Company, Inc., My Company, Corp.
Department/organization name	The division of your organization handling the certificate	IT, Finance
City/town	The city where your organization is located	Boston, London
State/county/region	The state/county/region where your organization is located (do not abbreviate)	Massachusetts, Worcestershire
Country	The two-letter ISO code of where your organization is located	US, GR
Email address	An email address to contact your organization	admin@mycompany.com, certificates@mycompany.com

*When generating a CSR for a wildcard certificate, the common name should start with an * (e.g., *.mycompany.com)

This was last updated in November 2013

Continue Reading About CSR (Certificate Signing Request)

Life at the edge part 4: When things go wrong

How to ensure that an SSL connection protects sensitive Web data

SSL VPN: AEP SureWare A-Gate AG-600

SSL certificate management: A practical guide

Dig Deeper on Web authentication and access control

Secure configuration management tasks with a certificate authority A CA server is a limited shield for the data that configuration management tools collect, but IT admins can use one for many tasks -- like to create custom certificates -- and boost security.

Industry reacts to Symantec certificate authority trust remediation As the Symantec certificate authority scrambles to transition its certificate-issuance operations to a subordinate certificate authority, the CA industry sharpens its knives.

How the use of invalid certificates undermines cybersecurity Symantec and other trusted CAs were found using bad certificates, which can create huge risk for internet users. Expert Michael Cobb explains how these incidents can be prevented.

Comodo to open its Certificate Transparency logs to all CAs Certificate authority Comodo has submitted two new Certificate Transparency logs for approval by Google, which aim to accept any publicly trusted certificates from any CA.

Certificate Transparency snags Symantec CA for improper certs Symantec CA could be in for more trouble after a security researcher, using Certificate Transparency logs, discovered more than 100 improperly issued certificates.

Will the Google Certificate Transparency tool prevent certificate abuse? Google's Certificate Transparency tool publicly logs certificates issued by CAs. Expert Michael Cobb explains how the log viewer works to improve certificate security.

SearchCloudSecurity

CSR (Certificate Signing Request)

Continue Reading About CSR (Certificate Signing Request)

Dig Deeper on Web authentication and access control

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCloudSecurity

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

SearchNetworking

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

3 networking startups rearchitect routing

SearchCIO

Shell, Halliburton, Unibap AB execs share real-world AI strategies

What's the difference between RPA and IPA?

The technological evolution of IT industry leaders: 2000 - 2020

SearchEnterpriseDesktop

Microsoft extends Office 365 benefit to nonprofit volunteers

Cut through confusion of the digital workspace market

Windows 10 issues top list of most read stories for IT pros

SearchCloudComputing

Review these Azure Service Bus best practices

Instill cloud change management best practices

How much cloud does an IT disaster recovery plan need?

ComputerWeekly.com

FCO to boost cloud analysis setup

Tories plan electronic visa waiver for EU citizens

Dutch government must sort IT mess as priority

Continue Reading About CSR (Certificate Signing Request)

Related Terms

Dig Deeper on Web authentication and access control

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.

File Extensions and File Formats