Wednesday, 8 May 2013

What is a Certificate Signing Request (CSR)?

A Certificate Signing Request (CSR) is an encrypted body of text generated on the web server where the SSL certificate is installed. It is a code necessary for the application and activation of an SSL certificate.

Generally, CSRs contain encoded information specific to the registered domain name and the company requesting the SSL certificate. These CSRs usually include details such as: Country, State (or Province), Locality (or City), Organization (Company Name), Organizational Unit (Department), and Common Name (website/domain). To be valid, all these information must be filled out correctly. Moreover, the CSR also contains the public key which is needed to encrypt and secure sensitive information as they are transmitted from the website to the server.

The private key is generated at the time the CSR and public key are created, but it is only kept secret by the technical end user and is not part of the signing request.

Certificate Signing Request (CSR) generation remains one of the consistent problem areas faced by customers who wish to secure their server. Most of the time, customers are unfamiliar with the CSR generation process or make time-consuming mistakes.

Some Certificate Authorities today, like GlobalSign, provides end users the AutoCSR option. This is to ensure convenience for those who do not have the technical know-how on CSR generation but would like to secure their servers and websites with SSL certificates. With AutoCSR, the CA who issued the certificate will generate the CSR on behalf of the organization making the order. The required fields should be filled out accordingly during the certificate application process.