A certificate signing request or CSR is the first step toward building an SSL/TLS certificate. It’s a chunk of encoded text that can be created automatically by the server you wish to have your SSL/TLS certificate installed on. It generates a unique public key that will be used by the browser to match with the private key that is concealed inside the server. This is what makes CSRs a necessary part of constructing an SSL/TLS certificate.

For something that is seemingly complex and nebulous to a layperson, CSRs are surprisingly easy to create. They should be generated on the same webserver where the certificate will be installed by following instructions specific to your server type. Our installation help pages list the steps to create a CSR and install certificates for the most popular server platforms.

Within the CSR there is an optional field for Subject Alternative Names (SANs). For a server certificate that requires one or more SAN names there are 2 different ways to specify the SANs: 1. SANs can be specified within the CSR or 2. SANs can be added manually at the time the certificate is generated on our website.

You may add identifiable information, but most public certification authorities (CAs) bypass the information provided in the CSR and apply only the verified information into the certificate.

CSR Field What is it Example
Common name (CN=) Fully qualified name of your server www.entrustdatacard.com
Organization (O=) Organization name Entrust Datacard Inc.
Organizational Unit (OU=) Department name (optional) IT
City/Locality (L=) City/Locality Shakopee
State/Province (S=) State/Province Minnesota
Country (C=) 2 Letter Country Code US
SAN(s) Subject Alternative Name(s)(optional) san1.entrustdatacard.com, san2.entrustdatacard.com,
san3.entrustdatacard.com, etc

For a more technical description of a CSR and its contents please refer to our CSR FAQ page.

Here’s what a CSR should look like:

This is how a CSR file appears. It contains the information a CA needs to create an SSL/TLS certificate.

After creating a CSR, use the CSR Viewer to make sure that it is valid.

Here is what Entrust Datacard’s CSR Viewer tool prints out when a valid CSR is pasted. In this case, using the above example.

Voila! Copy and paste the CSR where prompted during the purchase process or within your Entrust Datacard portal, if you have an account. You may also send it over to the us after you’ve purchased your SSL/TLS certificate from us, and your certificate will soon be ready to be deployed.

7-Part Blog Series

  1. SSL/TLS 101 — Why Do I Need an SSL/TLS Certificate
  2. SSL/TLS Certificate Types — Choosing the Right One for Your Use Case
  3. SSL/TLS Verification — Digital Identity for Your Website
  4. What is a SAN (Subject Alternative Name) and how is it Used?
  5. What is a CSR and How Do I Get One?
  6. What’s the Difference between a Public and Private Trust Certificate?
  7. How to Build an SSL/TLS Certificate | The Five Simple Steps That Bring You to HTTPS

Additional Resources
How Does SSL/TLS Work?
Bi-Weekly Certificate Management Demo