Glossary · Security

CSR (Certificate Signing Request)

A file you generate on your server containing your public key + identity info, which a Certificate Authority signs to produce an SSL certificate.

Diagram explaining CSR (Certificate Signing Request)

CSR is the request format used in the legacy "manual SSL" workflow:

  1. You generate a public/private keypair on your server.
  2. You create a CSR containing your public key plus your identity info (domain name, organization, location).
  3. You submit the CSR to a Certificate Authority (Sectigo, DigiCert, GeoTrust, etc.).
  4. The CA validates your identity (proving you control the domain, and for OV/EV certs, that your organization is real).
  5. The CA signs the CSR with their root key, producing your SSL certificate.
  6. You install the certificate on your server.

For modern automated SSL (Let's Encrypt, ACME protocol), CSRs still happen but the client tool (Certbot, your hosting provider's SSL panel, etc.) generates and submits them automatically. You don't see the CSR — the magic happens behind the scenes.

You'll most likely encounter CSRs when:

  • Manually purchasing a paid SSL (OV, EV, Wildcard) from a CA
  • Setting up SSL on infrastructure that doesn't support ACME (legacy load balancers, some enterprise gear)
  • Generating client certificates for VPN access or mTLS

CSR generation is a 30-second command-line task: openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr. The resulting .csr is a base64-encoded blob you paste into your CA's purchase form.

Now the jargon makes sense — let us handle the rest.

You learned what it means; we'll set it up. Register your domain, get email that lands in the inbox, and never decode a renewal bill again — flat pricing, free privacy, real human support.

No upsells at checkout · Free WHOIS privacy · Same price every year · Transfer out free, anytime

Find your domain See flat pricing