CSR Generator

You need a CSR to purchase an SSL certificate from a Certificate Authority. This tool generates the CSR and private key entirely in your browser — the private key is never transmitted over the network.

What is a CSR?

A Certificate Signing Request (CSR) is a block of encoded data that you send to a Certificate Authority (CA) when applying for an SSL certificate. It contains your organization details and public key. The CA uses this to create your signed certificate.

Fields

• Common Name (CN): The fully qualified domain name (e.g., example.com or *.example.com for wildcard)
• Organization (O): Legal name of your organization
• Organizational Unit (OU): Department (optional)
• Country (C): Two-letter country code (e.g., US, GB, DE)
• State (ST): State or province
• Locality (L): City
• Subject Alternative Names (SANs): Additional domain names covered by the certificate

How It Works

1. Fill in the certificate details
2. Choose a key size (RSA 2048 or 4096)
3. Click “Generate CSR”
4. The tool generates an RSA keypair using Web Crypto API
5. The CSR is built with ASN.1 DER encoding and signed with SHA-256
6. Download or copy both the CSR and private key

Frequently Asked Questions

Is this CSR compatible with Let’s Encrypt, DigiCert, etc.? Yes. The CSR follows the PKCS#10 standard and is compatible with all major Certificate Authorities.

Where should I store the private key? Keep it secure and never share it. Store it on the server where the SSL certificate will be installed. Anyone with the private key can impersonate your server.

Why generate in the browser instead of using OpenSSL? Convenience and security. No software installation needed, and the private key never touches a network. For production environments, you may prefer openssl req -new -newkey rsa:2048 -nodes.