Website Security Solutions | Latest Guides | Blog

To create your SSL Certificate you will require a Certificate Signing Request (CSR) and a private key. You will need this for every SSL you order from a genuine Certificate Authority, such as Geotrust, DigiCert, Sectigo and Thawte. You can generate the CSR and the key for your SSL Certificate online with our free tool, featured below. Just be sure to complete all of the following steps:

  1. Fill in all the boxes below with the correct information. For Business and Extended Validation Certificates use the legally registered details of your organization. For Standard Domain Validated Certificates, you can use your personal name.

  2. After your CSR code is generated, copy & paste the CSR to a text editor (i.e. Notepad) and save it as csr.txt - you will need this after ordering an SSL certificate to go through the SSL generation process devised by the Certificate Authority of your choice.

  3. The second code generated underneath is your private key. Copy & paste the private key into a text editor (i.e. Notepad) for safekeeping - you will need to place this on your server during the SSL certificate installation process. Save the private key and do not share it with anyone. Keep in mind that you can always rename the file if needed.

If you are generating a certificate signing request for a Wildcard SSL Certificate, be sure to use the wildcard symbol at the beginning to enable the wildcard functionality. For example: .yourdomain.com.

If you're generating a certificate signing request for a Multi-Domain SSL certificate, you can use your Domain's Common Name (CN) - also known as the FQDN, which is typically in the format of www.yourdomain.com or yourdomain.com.

For Code-Signing SSL certificates, you can enter your business name.

For Email (S/MIME) SSL certificates, enter the email that you're generating the certificate for.

Use the Fully Qualified Domain Name (FQDN) of your server (with or without the WWW).
If this is for a wildcard SSL you need to enter it in the format: *.yourdomain.com
Legal name of your company/organization (i.e. Apple, SSLTrust). For DV, just use your personal name.
Division of your organization handling the certificate (i.e. IT department).
The city that you are located in (i.e. Sydney).
The state or province in which you are located in (i.e. NSW).
Choose your country (i.e. Australia).
Please type your e-mail address.
2048-bit is the industry standard. Only choose 4096-bit if you have specific requirements.

The fastest way to get your SSL Certificate is to fill out the certificate signing request (CSR)

A Certificate Authority won't be ready to issue their SSL certificates until you've prepared an SSL CSR for your particular domain. Generating and submitting a CSR (via an appropriate CSR generator) is the process of you preparing the groundwork for an official certificate request, one that you'll forward to a Certificate Authority to issue SSL certificates to you.

Your certificate signing request is subsequently forwarded to the appropriate certificate authorities via SSLTrust, and if all goes well, you'll have new SSL certificates ready to go in the shortest order possible. Do note, of course, that the complexity of the validation method you've chosen greatly affects the speed at which your certificate request is processed.

Domain Validation will, for example, get digitally signed within minutes. An SSL certificate created with Organization Validation, on the other hand, may take up to two business days before it's cleared.

There's no better way for you to begin certificate request process than to use our CSR generator. Of course, you can get more details on how SSL/TLS certificates are issued if you contact SSLTrust's support team. We are at your disposal if you need us.

What is a Private Key, and why do you need it?

A private key is a crucial component of modern web security, in that it's a pillar of Public Key Infrastructure (PKI). Namely, it's a cryptographic sequence that is used in tandem with an algorithm to encrypt and decrypt data.

Depending on the complexity and length of a key, it can be either remarkably easy or virtually impossible to brute force through a website's security setup. For example, the current minimum prescribed key length is 2048-bit.

It would effectively take trillions of years for modern PCs to break through this level of security by brute-forcing it. However, as the relative strength of a PC increases, and with quantum computers virtually within reach, there's no telling what tomorrow might bring in the web security niche.

Certificate Signing Request FAQ

Getting a CSR for your organizational unit is easier than you might think! Just use the CSR generator we offer to create your own CSR, and the tool will lead you through the entire process.

After you generate a CSR for your specific use case, you'll receive your unique private key, which will subsequently be a part of a key pair consisting of it and the public key subset that will be dished out to your website's visitors and users.

The only way to get a modern, secure, and up-to-date SSL certificate, is to go through a CA, which means you'll need a CSR file to submit to the certificate provider of your choice. The SSLTrust CSR generator, then, is an obvious first step.

Once you use our CSR generator, you might be confused by the end result. CSR itself is just a simple text file, though its contents won't make much sense on their own. This is because a CSR is created in a Base-64 PEM format, and isn't designed to be read by a human.

Instead, the file contains all the pertinent information about the entity that's requesting an SSL/TLS certificate, and should only be accessed by the CA whose products you're interested in getting. In effect, the CSR is a standardized way to communicate encrypted information between the end-user and the certificate provider.

After you have generated your CSR, you can submit it to the CA of your choice via SSLTrust. Of course, since CSRs are generated in a universal format, you can use any CSR to reach out to any SSL provider. The next step will always, however, be to reach out to an SSLProvider with the CSR.

An SSL certificate is signed when a trusted third party takes a look at it and verifies and legitimizes the information it contains. Signing is the process of completing this verification, and it is conducted by a variety of Certificate Authorities. DigiCert, GeoTrust, Sectigo, and Comodo are just some prominent examples of a trusted CA.

No - CSR is not the private key, though both of them are technically generated at the same time - when you create your CSR in the first place. All of the input information that you provide during the creation of your specific CSR (organization name, organization unit, web server, legal name, etc.) is used to generate the text file to be used by your CA of choice during the verification and signing process. This means that it also plays a role in generating the private key you'll use moving forward.

Your certificate signing request (CSR) doesn't actually contain your private key file, therefore it's impossible to derive it from the file. Though you'll receive both your private key and your CSR almost simultaneously, the CSR doesn't actually contain the private key, as that would be a massive security violation. Your private key is secret, and shouldn't be shared.

Do note, however, that the CSR does contain information about your public key. A public key is one that will be provided to visitors and users of your website. Namely, whenever someone connects to your website, they will be afforded a fresh public key to interact with your domain's private key. This makes up a key pair, which is the backbone of modern PKI security.

Fully Qualified Domain Name - FQDN - is the term used to describe the complete domain name of a specific device connected to the Internet. The FQDN of your server consists of two parts - the hostname and the domain name, and it's often referred to as the 'absolute domain name'. It is used to disperse any potential ambiguity about the tree hierarchy of the given DNS by specifying all the available domain levels in a simple fashion.

You can generate CSR from any given server, but the SSL/TLS certificate will then need to be installed on that exact same server, too.

The server from which you use our CSR generator will use its own private key for the creation of the certificate signing request. In other words, you should ideally create your CSR while using the server you aim to install your certificate on.

Correct - it is recommended that you use a CSR generator to create an entirely new certificate signing request whenever you need to renew your existing SSL certificates.