Before requesting a certificate from us, you’ll need to generate a Certificate Signing Request.

Generally you should always create the CSR on the server or device on which you will install the SSL certificate. Please refer to the help documentation for your server or device for specific instructions on how to carry out the CSR process. The following notes cover key concepts:

Private Key

Generating a CSR creates a private key which is uniquely related to the corresponding CSR. This should be kept strictly private and never shared publicly. If the private key is lost or compromised, malicious actors could intercept the otherwise secure communications undermining the principles and security of the system and ultimately likely to put your organisation’s reputation at risk. If the private key is lost or stolen, we strongly recommend creating a new CSR and replacing or reissuing your SSL Certificate.

Example CSR

The below is an example of a Base-64 encoded PEM formatted CSR which is the most common form of CSR.

-----BEGIN CERTIFICATE REQUEST-----
MIIC5DCCAcwCAQAwgZ4xCzAJBgNVBAYTAkdCMRQwEgYDVQQIEwtFYXN0IFN1c3Nl
eDERMA8GA1UEBxMIQnJpZ2h0b24xFDASBgNVBAoTC0V4YW1wbGUgTHRkMRAwDgYD
VQQLEwdJVCBEZXB0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20xJDAiBgkqhkiG
9w0BCQEWFXlvdXJlbWFpbEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMNeXZBrQAFJAlhvMai6VSswcZQ0uN1WRY2gvnxBTbb2/cCD
rrR3t9XwRsaRuBUrRJmI+KRTVycj67nSBpk5JBpPPfxDqbpVtJS48IUTAJiKkxP/
ctYMJ4luUVOl/cH9NqM8mypnQjUXFLJd5Z07NygjGIuhRpVCEWRkLrFsn2ZKsFWs
mvNTGjEw3ZD1TgQDTg1dLtNsZqdmZVCsxOTu50QYluBqrSRCDPmRW2kTh7VyYt3N
oWZ8P+g2d9On2KWUd/xRLEYO7ismPfl7JqpE25xBsVlyyr7v5HeeCLliXHOpJ9rz
pd7hZu5I3D7NQgwD891Cdhc7qY4zYDBGng8j48ECAwEAAaAAMA0GCSqGSIb3DQEB
CwUAA4IBAQBHY0YnjuxXzfgDnslo9WsNoY+sXGI0yhb/hecg6vAyg+OOIi+lxMCt
pD85PpIAknmkZxYkFDLazVPi4LA8FpVf8X+wW7m4Wkg+k22IpMxlvFpYWwyTFCY1
w8skgucgqiAdU13Z0Rng5qZAIzoHLyhdXPivHDY8loZHuOrVbyEmvFijVx9QmkZn
TekzAX2QGM5gvpaWqWV+payd9ExnWzlZgpJ5UkZdFRX0dqQXwBNj+Y5teCty+cKD
VC7FPSsjRvScc2jW7rkCo27H3LMkwzBl/UXr7FvcilqNb8vxHQFdHELdN+BKRJVq
o45vFTvyB+ZaJ4hGnLV8se5T3KhnS4rs
-----END CERTIFICATE REQUEST-----

 

Common Name (CN)

This is the Fully Qualified Domain Name (FQDN) you want to secure with your certificate. This must match exactly what visitors to your website will type into their web browser:

  • An SSL certificate issued for the Common Name www.example.com won’t work if someone visits secure.example.com. To protect secure.example.com, enter “secure.example.com” in the Common Name field when you create your CSR.
  • For wildcard certificates, you must add an asterisk (*) to the left of the Common Name – for example *.example.com or *.secure.example.com).

Organization Name (O)

The full, unabbreviated legal name of your organisation including any entity type identifier such as Inc, Ltd, PLC, LLC, GmbH etc. as applicable. If you are ordering a personal certificate or are a Sole Trader, enter your full personal name (e.g. John Smith) and in the Organisation Unit field, enter your Trading As name, if applicable (e.g. JS Construction).

Organization Unit (OU)

Enter the division such as “Marketing” or “Manufacturing”.

Locality/City (L)

The full, unabbreviated name of the Town/City in which your organisation is located (e.g. Brighton)

State or Province Name (ST)

The full, unabbreviated name of the County/State/Province in which your organisation is located (e.g. East Sussex)

Country Name (C)

The ISO two letter country code for the country in which your organisation is legally registered (e.g. GB). List of ISO country codes.

Email Address

A valid email address associated with your organisation (i.e. webmaster@example.com)

Bit or Root Length

The bit-length determines the strength of your private key and how easily it would be cracked using brute force methods. Selecting at least 2048 is the industry standard. Most certificate authorities allow a higher bit-length such as 4096.

Signature / Hash Algorithm

Use SHA-256 as the hashing algorithm.

Shortlink: