What Is a CSR (Certificate Signing Request)
Evans
Last Update 7 months ago
A CSR is a special block of text you create on your server when you want to get an SSL certificate. It contains important information about your website or company that the Certificate Authority (CA) will use to create your certificate.
When you generate a CSR, a private key is also created at the same time. The CSR includes your public key, which will be used in the SSL certificate, while the private key stays secret on your server.
Your SSL certificate will only work with the private key that was created with your CSR. If you lose that private key, the certificate won’t work.
What Information Does a CSR Include?
Here are the main parts of a CSR and what they mean:
Common Name (CN)
The exact domain name the certificate is for.
Example: www.example.com

Organization (O)
The full legal name of your business or organization.
Example: Example Corp

Organizational Unit (OU)
The department managing the SSL certificate.
Example: IT Department

City/Locality (L)
The city where your business is located.
Example: Cape Town

State/Province (ST)
The state or region your business is in.
Example: Western Cape

Country (C)
The two-letter country code.
Example: ZA for South Africa

Email Address
(Sometimes optional) An email address to reach your organization.
Example: [email protected]

Public Key
A key that becomes part of your SSL certificate. It is created automatically with the CSR.
A CSR is a plain text block that looks something like this:
-----BEGIN CERTIFICATE REQUEST-----
MIIBzTCCAXYCAQAwgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UE...
-----END CERTIFICATE REQUEST-----
You can open it with any text editor.
How To Generate a CSR and Private Key
You usually generate the CSR on your own server using tools like OpenSSL or your hosting control panel.
Here’s an example OpenSSL command:
openssl req -new -newkey rsa:2048 -nodes -out yourdomain.csr -keyout yourdomain.key
This command creates both the CSR (yourdomain.csr) and the private key (yourdomain.key).
To check what’s inside your CSR, use this OpenSSL command:
openssl req -in yourdomain.csr -noout -text
Or you can use a free online CSR Decoder.
What Is Bit Length and Why Does It Matter?
The bit length of your key (e.g., 2048-bit) shows how strong the encryption is. A higher bit length means better security.
2048-bit keys are the current standard and are required for all Extended Validation (EV) SSL certificates.
Keys smaller than 2048-bit are no longer considered secure.
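The script below is an added example, not part of the original article. It generates a CSR without prompts, confirms that a private key is the one the CSR was made with, and reads the key's bit length. The function names and the temporary directory are assumptions; the subject values are the article's own examples.

```shell
#!/bin/sh
# Added example, not from the original article. File names and subject
# values are placeholders taken from the article's own examples.

# make_csr DIR NAME SUBJECT: write NAME.key and NAME.csr into DIR, no prompts.
make_csr() {
    # umask 077 keeps the key owner-only; -nodes leaves it unencrypted on disk.
    ( umask 077 &&
      openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
          -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null )
}

# SHA-256 over the DER public key carried inside a CSR.
csr_pubkey_digest() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 over the DER public key derived from a private key file.
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# key_matches_csr KEY CSR: succeeds only if the CSR's self-signature checks
# out and the CSR carries the public half of KEY.
key_matches_csr() {
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(key_pubkey_digest "$1")" = "$(csr_pubkey_digest "$2")" ]
}

# csr_key_bits CSR: print the key size in bits, e.g. 2048.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir" yourdomain \
    "/C=ZA/ST=Western Cape/L=Cape Town/O=Example Corp/OU=IT Department/CN=www.example.com"
if key_matches_csr "$demo_dir/yourdomain.key" "$demo_dir/yourdomain.csr" &&
   [ "$(csr_key_bits "$demo_dir/yourdomain.csr")" -ge 2048 ]; then
    echo "CSR and key match; key size is acceptable"
fi
rm -rf "$demo_dir"
```

Run key_matches_csr before submitting a CSR to the CA and again before installing the issued certificate, so a misplaced or regenerated key is caught early.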
