What is a Certificate Signing Request (CSR)?

When you apply for an SSL certificate, getting a CSR, or Certificate Signing Request, is part of the process. A CSR is a block of encoded text that contains important information, including the name of your organization, the domain name, and where it’s located. Your CSR is typically created on the same server where the certificate will be installed and will almost always contain a public and private key. These two keys create a pair, something that is entirely unique to your CSR.

By creating your CSR, you’re able to have the certificate authority give you your SSL certificate. This SSL certificate will be used in tandem with your public key – not your private key, as this should always be kept, as you guessed, private. If for some reason the private key specific to your CSR gets lost, then a brand new CSR will need to be generated.

While it might seem like an extra, or even unnecessary step for getting your SSL certificate, the CSR plays an important role in keeping the entire process standardized.

Receiving your CSR means that you now have three very important things:

  1. The two keys, the public key and the private key
  2. A unique, fully qualified domain name for your certificate
  3. Registered information about your organization and its associated website, including its location

Why are these three things important?

First of all, the public key provides encryption for your SSL certificate, allowing data to be securely stored. The other half of this pair, the private key, is a separate file that does the opposite of the public key, which means it decrypts the information. Think of the pair as two separate keys designed to lock and then unlock your data. When it comes time to install your SSL certificate, both keys will be needed.

By qualifying your domain name, your certificate creates even more security on your website, so that when you add your registered information, everything becomes more secure and, in the eyes of your visitors and customers, 100% legal.

You’ll find that the majority of CSRs are generated in what is known as the “Base-64 encoded PEM format”. This means that it will start with the standard “-----BEGIN CERTIFICATE REQUEST-----” and then finish with “-----END CERTIFICATE REQUEST-----”. When working with a PEM format like this, just use a text editor so that you can see what’s actually included in your CSR. To decode your CSR, you’ll need a free CSR decoder, which can be found easily online.

To get a little more technical, you can start to look at the bit-length of your CSR. This length will let you know how easy it is for your keys to be cracked using brute force hacking tactics. In general, anything less than 2048 bits is fairly weak and would take just a matter of months to break. Remember, all it takes for your website to be hacked is your private key from the CSR to be broken and then used by a third party.
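A CSR can also be decoded locally. The following is an added example, not code from the original article: it strips the PEM markers described above, Base-64 decodes the body, and walks the DER structure to read the common name and the RSA key size that the 2048-bit guideline applies to. The function names are chosen here, and the sample CSR is constructed in code with a dummy modulus and an all-zero signature.

```python
import base64, re

OID_CN, OID_RSA = bytes.fromhex("550403"), bytes.fromhex("2a864886f70d010101")

def children(body):  # split a DER body into its (tag, value) elements
    out, pos = [], 0
    while pos < len(body):
        tag, length = body[pos], body[pos + 1]
        pos += 2
        if length & 0x80:  # long form: low 7 bits give the size of the length
            k = length & 0x7F
            length = int.from_bytes(body[pos:pos + k], "big")
            pos += k
        out.append((tag, body[pos:pos + length]))
        pos += length
    return out

def inspect_csr(pem):  # -> (common_name, rsa_key_bits)
    m = re.search(r"-----BEGIN CERTIFICATE REQUEST-----(.+?)-----END", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE REQUEST block found")
    req = children(base64.b64decode(m.group(1)))[0][1]  # outer SEQUENCE
    _version, subject, spki = children(children(req)[0][1])[:3]
    cn = None
    for _, rdn in children(subject[1]):
        for _, atv in children(rdn):
            oid, val = children(atv)
            if oid[1] == OID_CN:
                cn = val[1].decode()
    alg, key = children(spki[1])
    if children(alg[1])[0][1] != OID_RSA:
        raise ValueError("not an RSA key")
    rsa = children(key[1][1:])[0][1]  # skip the BIT STRING unused-bits octet
    return cn, int.from_bytes(children(rsa)[0][1], "big").bit_length()

def tlv(tag, body):  # DER-encode one element (used only to build the sample)
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_csr(cn, bits):  # constructed input: dummy modulus, all-zero signature
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    alg = tlv(0x30, tlv(6, OID_RSA) + tlv(5, b""))  # reused as dummy signature alg
    spki = tlv(0x30, alg + tlv(3, b"\0" + tlv(0x30, tlv(2, n) + tlv(2, b"\x01\x00\x01"))))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(6, OID_CN) + tlv(0x0C, cn.encode()))))
    info = tlv(0x30, tlv(2, b"\0") + name + spki + tlv(0xA0, b""))
    b64 = base64.encodebytes(tlv(0x30, info + alg + tlv(3, b"\0" * (bits // 8 + 1)))).decode()
    return f"-----BEGIN CERTIFICATE REQUEST-----\n{b64}-----END CERTIFICATE REQUEST-----\n"
```

Calling `inspect_csr` on the text of a real RSA CSR returns the same pair, so a request whose second value is below 2048 can be rejected before it is submitted or signed.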
