Cloud86 grows to over 40,000 customers
9 Sept 2025
What is a Certification Signing Request (CSR)?
Author:
HOSTTEST Editorial
| 20 Apr 2022
With the GDPR coming into effect in May 2018, data encryption has become legally relevant for web admins. An SSL certificate is now a necessary standard for a website. But how can one integrate such a certificate into their own web presence? The first step is to generate a certification request to a Certification Authority (CA).
What is a Certification Request?
A Certification Request is also known as a Certificate Signing Request (CSR). It is a small file stored on the server where the SSL certificate is to be created. It contains information that the Certification Authority needs to create the corresponding certificate.
The CSR file contains the following information:
1. General Information
This includes information about the owner of the website or domain that is to be encrypted with an SSL certificate. This information may include:
- Common Name (CN) - Domain Name
- Organisation (O) - the company or organisation issuing the CSR
- Organisational Unit (OU) - the department within the company administering the SSL certificate and certification request
- Locality (L) - city where the company is located
- State or Province (S) - the state in which the company is based
- Country (C) - the country where the company is located
2. Public Key
The Certification Authority includes a public key in the SSL certificate, which is also stored in the CSR file. This key is used to encrypt data traffic. The data can be decrypted using the corresponding private key.
3. Key Type
Most SSL certificates use the asymmetric cryptographic algorithm RSA. The abbreviation stands for the initials of the developers Rivest, Shamir, and Adleman.
Certification Request Process
Firstly, a CSR file must be created. Depending on the system, Certification Authority, and server, there are various methods to do this. Essentially, it is a text file usually stored in PEM format. It contains the information listed above and has a header (-----BEGIN CERTIFICATE REQUEST-----) and a footer (-----END CERTIFICATE REQUEST-----). The CSR file can be opened and read with a simple text editor.
When a certification request is sent to a CA, they first verify the identity of the applicant. Once confirmed, they generate an SSL certificate along with the private and public keys. The public key is included in the certificate and uniquely assigned to the applicant.
The certificate can now be installed on the server.
Encryption Process
If the certification request is successful and an SSL certificate is available, the website will no longer be accessed via HTTP, but rather HTTPS. Therefore, when a browser requests a website, the corresponding server responds with the certificate and the public key. Modern browsers have an extensive list of root certificates. These define the certification authorities that can be trusted. The browser verifies the target server's response against this list. If the certification authority is trusted, data transmission to the specific domain will only occur encrypted.
Cost of Certification Request
The cost of a CSR is typically included in the total cost of an SSL certificate. However, there are also free solutions like OpenSSL. Price differences can be significant and depend on various factors such as the type of certification (domain or identity certification) or different service offerings. Comparing providers of cheaper SSL certificates is recommended in any case.
Image Credit: Gerd Altmann on Pixabay
Write a comment
- SSL
Tags for this article
More web hosts
More interesting articles
SSL Certificates Overview - Which to Buy?
Website operators must deal with methods to ensure the necessary security
Media Partner:
