Search our site for answers
Help Docs Security Overview SSL Certificates Guide Generating an SSL Certificate Signing Request (CSR)

Generating an SSL Certificate Signing Request (CSR)

Generate a Certificate Signing Request (CSR) for your SSL. Find step-by-step guides for cPanel, Plesk, InterWorx, Cloud Sites, and command line.
4 min read

Introduction

A Certificate Signing Request (CSR) is an encoded block of text required to apply for an SSL certificate. Before a Certificate Authority (CA) can issue an SSL certificate for your website, they need to validate your identity. Usually generated on the server where the certificate will be installed it contains information required by the Certificate Authority, such as the Common Name (domain name), Organization Name, and Country.

Generating a CSR also creates a Private Key on your local server. This key pairs mathematically with the public key included in the CSR and is required to install the certificate once it is issued.

Example CSR
The following is an example of what a CSR looks like.
-----BEGIN CERTIFICATE REQUEST-----
MIIC/TCCAeUCAQAwejERMA8GA1UECAwITWljaGlnYW4xEDAOBgNVBAcMB0xhbnNp
bmcxHDAaBgNVBAoME0xpcXVpZCBXZWIgVGVzdCBTU0wxHTAbBgNVBAsMFExpcXVp
ZCBXZWIgSGVscCBEb2NzMRYwFAYDVQQDDA1saXF1aWR3ZWIuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvpJQwnYqqkK2KrHqlEYxLluepcqaRCD
XmUuvqBK1J2AmnGGu1IJ+Pul4IhDWRqXTgwtJqFjx3dkgXM02rayxkStXshuqFAl
nJl1Cbq1w3rLmK9pM0htTjdxCvwnc8Li61o+9ERz15cmPnEspSmUEsC7cm62G+oO
19ybALI0xkPHRHs2SzFewOKbQSDUUdBdoveazELD4rlRNXNK6bwtqFfc2/OXgrtd
jEY93hss8gpMdw90tovMqdXHmbRkfZA1rJLy1HtRzcoktsGTyjPxtLQ7WH6X+elJ
AqPZUxNUwJgednf71pMETp+Ar21PmzFbbyQzAwkOoiS0g7Iye0YfEwIDAQABoD4w
PAYJKoZIhvcNAQkOMS8wLTArBgNVHREEJDAigg1saXF1aWR3ZWIuY29tghF3d3cu
bGlxdWlkd2ViLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAcKx7vjIMMfpu9vuZyisH
CVL8rSjtHUCAuzJtGdo0t4GlsnIUueWdnyd//ews9sFbK0EmJlMwXNc7Jzagv3aB
6PI1VPIkbciMfqlWbNA1Fc5JgfIhwDt+zQQ8WJP055S4BviJHfez02sX4qJQ4uKf
Mk/2aUNgbkHlG9JeXMq4rD97jN8jFDgVIu22fkLKY1W+BDwGKd+gmEhSNHN9CJUh
xHNi+Txaekw42+wJ/6J8D3fU49ql3E3xOrEdJP/1TUPI+fFsC9xC27dsEXL1AFN6
XXybmjjdCu1WkwlJHyk7/753jh7ioLRabjnqA/NWaH3NraT+pE9vPy08FpKVO+z/
uA==
-----END CERTIFICATE REQUEST-----

Prerequisites

  • A valid domain accessible from the public internet.
  • Administrative access to edit DNS zones or manage site files.

Step-by-Step Instructions

Follow one of the following guides to learn how to generate a CSR:

Next Steps

Now that you have successfully generated your CSR code, you are ready to move forward with the SSL lifecycle.

  1. Order the Certificate: Copy the CSR text block you just generated (including the -----BEGIN CERTIFICATE REQUEST----- headers) and paste it into the order form to purchase your SSL. See our guide: Ordering an SSL Certificate.
  2. Complete Validation: Once ordered, the Certificate Authority (CA) requires you to prove ownership of the domain before they can issue the files. See our guide: Verifying an SSL Certificate.
  3. Install the SSL: After validation is complete, the CA will email you the certificate files. You can then upload and configure them on your server. See our guide: [Installing an SSL Certificate].

Frequently Asked Questions (FAQ)

When you generate a CSR, the server simultaneously creates a Private Key. This key is usually stored automatically in the background (on platforms like cPanel or Plesk) or saved to a file path you specified (on Command Line).

Never share your Private Key
Important: You must never share your Private Key with anyone, including the Certificate Authority. If you lose the Private Key, you simply restart the CSR generation process.

The Common Name (CN) is the fully qualified domain name you want to secure.

No. A CSR is a cryptographically signed block of text. If you made a typo (e.g., misspelled the organization name or domain), you must discard the old CSR and generate a brand new one.

We strongly recommend generating the CSR on the server hosting the website. If you generate it on your personal computer, you will also have the Private Key on your computer. You would then have to manually upload the Private Key to the server later, which adds complexity and security risks.

This is an optional field used to specify a department (e.g., “IT”, “Web”, “Marketing”). If you are unsure what to put here, you can usually leave it blank or simply type “IT”.

Was this article helpful?