The first step to getting an SSL certificate is almost always the same: create a CSR. The name looks technical, but the idea is simple. A CSR is a formal request that says, "I'm this domain, here's my public key, please issue me a certificate."

What Exactly Is a CSR?

A CSR — short for Certificate Signing Request — is an encoded block of text you send to a Certificate Authority. It carries two things: your public key and your identity details. The CA receives the request, validates the details, and signs it into a certificate.

You generate the CSR on your server or with a tool. It usually appears as text starting with -----BEGIN CERTIFICATE REQUEST-----.

What's Inside a CSR?

FieldWhat it means
CN (Common Name)The domain the certificate will be issued to (e.g. www.example.com).
O (Organization)The legal name of the organization (required for OV/EV).
OU (Org. Unit)Department or unit (optional).
L / ST / CCity, state/province, and country code.
Public keyYour public key, to be embedded in the certificate.
🔑
The private key does not go in the CSRA CSR carries only your public key. Your private key stays on your server and is never shared. A CSR also doesn't contain a serial number — the CA assigns that itself when it issues the certificate.

The CSR and Private Key Relationship

The moment you generate a CSR, a private key is created behind the scenes too. The two form a mathematically matched pair: the public key in the CSR works only with that private key. When the certificate is issued, the same private key must be present on your server for the certificate to work. That's why not losing your private key is critical.

🔍
Want to verify a CSR you already have?To read what's inside a CSR, see our CSR Decoder article or use the tool directly.

How Do You Create a CSR?

There are two common ways: on your server via the command line (e.g. openssl) or with an online tool. For a step-by-step walkthrough, see our How to Generate a CSR guide.

A CSR is how you introduce yourself to the certificate authority.

G
GetYourSSL Team
We translate the SSL/TLS world into plain English (and Turkish). Independent affiliate partners of SSL.com, focused on helping you pick the right certificate — not the most expensive one.