How to create a CSR (Certificate Signing Request)

General CSR Creation Guidelines

Before you can get a TLS/SSL certificate, you must generate a Certificate Signing Request (CSR) from your server or device.

Learn more about SSL certificates here.

What is a CSR?

A CSR is an encoded file that provides a standardized way to send DigiCert your public key and some information identifying your company and domain name.

What information must I include in my CSR?

When you generate a CSR, most server software asks for the following information: common name (e.g., www.example.com), organization name and location (country, state/province, city/town), key type (typically RSA), and key size (2048-bit minimum).

If you're uncertain about the exact company name or location when generating the CSR, don't worry. We offer the flexibility to modify and finalize that information during our review process before issuing the certificate.

What do I do with my CSR?

Once you've created the CSR, you'll need to copy and paste it into the online form where you submit a request to get a TLS/SSL certificate.

Not sure which SSL certificate you need?

Common Platforms & Operating Systems

Microsoft IIS

Microsoft Exchange Server

CSR Generator:

Generate a CSR with the DigiCert Certificate Utility

Instructions:

Learn More:

CSR Generators:

Instructions:

Learn More:

Apache Server (OpenSSL)

Tomcat Server (Keytool)

CSR Generator:

Generate a CSR with the OpenSSL CSR Wizard

Instructions:

Learn More:

CSR Generator:

Generate a CSR with the Java Keytool CSR Wizard

Instructions:

Learn More:

SSL Certificates for Tomcat »

2048-Bit Key Length Required

To remain secure, SSL certificates must use keys that are 2048-bits in length or greater. More details »
Can't generate a CSR with a 2048-bit key on your server platform? Please contact us.

Wondering What Information is Needed for Your CSR?

Common Name (fully qualified domain name [FQDN] your certificate will secure)
Country (two-digit code)
State or Locality (full names e.g., California or Barcelona)
Organization Name (full legal company or personal name as registered in your locality)
Organization Unit (department in your organization the certificate is for [e.g., IT or Marketing])

Generating a CSR for a Wildcard Certificate?

When generating a CSR for a Wildcard certificate, the common name must start with an asterisk (*) (e.g., *.example.com). The Wildcard character (*) can assume any name that doesn't have a dot character in it.

All CSR Creation Instructions by Platform/OS

Language copies on the content shared above can be found here:

German	Italian	French	Spanish
Chinese	Taiwanese	Korean	Japanese

choose your language

Knowledge Base