Before requesting a certificate from us, you’ll need to generate a Certificate Signing Request.

Generally you should always create the CSR on the server or device on which you will install the SSL certificate. Please refer to the help documentation for your server or device for specific instructions on how to carry out the CSR process. The following notes cover key concepts:

Private Key

Generating a CSR creates a private key which is uniquely related to the corresponding CSR. This should be kept strictly private and never shared publicly. If the private key is lost or compromised, malicious actors could intercept the otherwise secure communications undermining the principles and security of the system and ultimately likely to put your organisation’s reputation at risk. If the private key is lost or stolen, we strongly recommend creating a new CSR and replacing or reissuing your SSL Certificate.

Example CSR

The below is an example of a Base-64 encoded PEM formatted CSR which is the most common form of CSR.



Common Name (CN)

This is the Fully Qualified Domain Name (FQDN) you want to secure with your certificate. This must match exactly what visitors to your website will type into their web browser:

  • An SSL certificate issued for the Common Name won’t work if someone visits To protect, enter “” in the Common Name field when you create your CSR.
  • For wildcard certificates, you must add an asterisk (*) to the left of the Common Name – for example * or *

Organization Name (O)

The full, unabbreviated legal name of your organisation including any entity type identifier such as Inc, Ltd, PLC, LLC, GmbH etc. as applicable. If you are ordering a personal certificate or are a Sole Trader, enter your full personal name (e.g. John Smith) and in the Organisation Unit field, enter your Trading As name, if applicable (e.g. JS Construction).

Organization Unit (OU)

Enter the division such as “Marketing” or “Manufacturing”.

Locality/City (L)

The full, unabbreviated name of the Town/City in which your organisation is located (e.g. Brighton)

State or Province Name (ST)

The full, unabbreviated name of the County/State/Province in which your organisation is located (e.g. East Sussex)

Country Name (C)

The ISO two letter country code for the country in which your organisation is legally registered (e.g. GB). List of ISO country codes.

Email Address

A valid email address associated with your organisation (i.e.

Bit or Root Length

The bit-length determines the strength of your private key and how easily it would be cracked using brute force methods. Selecting at least 2048 is the industry standard. Most certificate authorities allow a higher bit-length such as 4096.

Signature / Hash Algorithm

Use SHA-256 as the hashing algorithm.