What is a CSR for certificate ?

book

Article ID: 155851

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

 

What is CSR - Certificate Signing Request

Resolution

 

A CSR is a text file, generated through a web server that is submitted to the Certification Authority during the digital certificate application process and used to generate a signed digital certificate. It contains the following:
1. Identifying information about the company applying for the digital certificate
2. The company's public key
3. The type of web server on which the certificate will be installed
It is usually transferred via email, but formatted so that is unreadable (although it is not encrypted).
A CSR should look similar to the following example:
-----BEGIN CERTIFICATE REQUEST-----
MI711iCWRAwgZIxCzAJBgNVBNiiWlVTMREwDwYDItqIEwhOZXcgWW9yazERMA8GW1
UEBxMITmVZBgNVBWoTElJlZ2lzdwyLmNwgSW5jLjEZaWzQHJlZ2lzdGVyLmqhkiG9
w0lAQEYEWzMrdydBoI8K+5LEj/yLZ8YVsGasKIJ2rod8anVty9pzPKGxmWiUb2h2i
xd3d3LqGSIb3DQc3lzYWRtVvzWHkfMDq6q0jXQGI4yJKLFg8WMAcjJgzE5bopWybK
eofWL0ZNGcsImfy3WeR9cydfwrJ05mgPUzAwEMBsGCSqGSIbBzELEwl0ZXzdQADgY
EAgvJs5PTvo3O2OaUSdm+/58fG3Wcsy/OKivjPIVQ+Mot3HSchd04D++zBWn5Ih2/
QMCxzlq7oXQFwSFe0IDXPRhCLWcWkz991+CdGdmw25g=
-----END CERTIFICATE REQUEST-----
When entering the CSR in the appropriate field to copy and paste the entire CSR, the user should include the beginning and ending dash marks.
Note :  Please do not set a password for the CSR. If you encrypt the Certificate Signing Request, it is difficult to process without password.
The details entered :
1) Host Name : A user will be asked to enter the server's Host name when generating the CSR. Distinguished names uniquely identify individual servers and contain the following Information :
 
a)       Key Type : This is by default RSA 
b)    Key Size : This can be 1024/1536 /2048 this is size of the key. 
c)       Expiration : This is the expiration period for the certificate varies from 1 year / 2 years / 3 years / 5 years depending on requirement.
 
2) Contact email : The Contact Email is the email for contacting customer.
 
3) Organization Name : This should be the organization that owns the domain name. The organization name (corporation, limited partnership, university, or government agency) must be 
                                   registered with some authority at the national, state, or city level. Use the legal name under which your organization is registered.Do not abbreviate or use any of these
                                   symbols: ! @ # $ % ^ * ( ) ~ ? > < /
 
4) Organizational Unit: This is an optional field used to differentiate between divisions within an organization, for example, "Marketing" or "Research and Development." If the organization is
                                  doing business as ("dba") a trade name, you may specify the trade or dba name in this field.
 
5) City/Locality: This is an optional field in most situations. Do not use abbreviations. For example, spell "New Orleans," instead of "N.O." If the organization is registered locally only, for
                        example by virtue of having a business license registered with the City Clerk, the Locality/City field must contain the name of the city where registered. In this case, the
                        State/Province field is required.
 
6) Province/ State : U.S. and Canadian customers must enter a State or Province name. In the United States, if your organization is incorporated in the state of Washington, but is operating
                             within Louisiana, use Louisiana. Do not abbreviate. International customers must enter either a State/Province or a City/Locality. Do not abbreviate.
 
7) Country: This is the 2-character ISO format country code. For example, AU is the code for Australia, and BR is the valid code for Brazil.