Before you can order an SSL certificate, you need a Certificate Signing Request or just called CSR. This is a specially formatted and encrypted text block that contains necessary information in encrypted form that the CA (= Certificate Authority) needs to issue the certificate.
So that data can be exchanged securely between different parties on the Internet, the so-called PKI system (Public Key Infrastructure) is used. The PKI process is based on a key pair that is generated on your server before you order or purchase an SSL certificate. The key pair consists of a private key and a public key. The private key can be used to decrypt encrypted data and create digital signatures. The public key, in turn, is used to encrypt data and verify digital signatures. This is inserted into your certificate and is signed with the corresponding private key.
| Information | Describtion | Examples |
| Common Name (CN) | FQDN of the server, website or email adress for a S/MIME certificate | www.eunetic.com *.eunetic.com info@eunetic.com |
| Organization | The official name of the applying company. Do not abbreviate this. For EV or OV certificates, this information is verified and inserted in the certificate | Eunetic GmbH |
| Organization Unit (OU) | The department of the applying company that is responsible for the certificate | IT department Support |
| City / Town (L) | The city or town where the company is located. This should not be shortened. | Durmersheim Berlin |
| State & County (S) | The state or region where the company's registered office is located. This should not be shortened. | Baden-Würtemberg Bayern |
| Country (C) | The two-digit ISO code for the country in which the company is based. | DE US |
| Email Adress | An email address where the company can be contacted | info@eunetic.com |
A CSR must have a certain format so that it can be used by the CA. Usually, the CSR is created in a Base-64-based PEM format and can be opened with the plain text editor. A CSR always starts with -----BEGIN NEW CERTIFICATE REQUEST----- and ends with -----END NEW CERTIFICATE REQUEST-----.
Example:
English
Deutsch
Arabic
Armenian
Bosnian
Bulgarian
Croatian
Czech
Danish
Dutch
Estonian
Finnish
French
Georgian
Greek
Icelandic
Italian
Latvian
Lithuanian
Luxembourgish
Macedonian
Norwegian
Polish
Portuguese
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Turkish
Ukrainian
-----BEGIN CERTIFICATE REQUEST-----
MIIE7zCCAtcCAQAwgakxCzAJBgNVBAYTAkRFMRswGQYDVQQIDBJCYWRlbi1Xw7xy
dHRlbWJlcmcxFDASBgNVBAcMC0R1cm1lcnNoZWltMRUwEwYDVQQKDAxFdW5ldGlj
IEdtYkgxFTATBgNVBAsMDElULUFidGVpbHVuZzEYMBYGA1UEAwwPd3d3LmV1bmV0
aWMuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQGV1bmV0aWMuY29tMIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsfr4BgHEdPTisRyRDzIK5DVOStIuNSZV
acO8eMo8FDJf/vXzUf/mBXRPucM7DavpWkz2PUz8pZTgw6HtaaTKErD3HcaRjemQ
qjwExTwBta5wY32FgXJ9Zyrp67Hk5o6ycfGAFS4qzNpPHYPBGvSILen8VCBTVBsh
heIeNz4Da3ZiwKmK3RzEdJKPzla7QARr9zqk/tzP99p/F887LrPwXeVLar0pUg1W
NlsiXjz13xWChP2xtqaYGbAVuhfB6AXkoGD0wVkyP5XkTUrZuoDe64/bvPIi5iCh
AIN3X6oGN60YOxkSlreYy3uq6eATPbSWdJ9K/LxeJi6Jc2KHGlNdAgg+/FJDFCtG
znfHRVurUr2GkzDcs69kWSIN5qXi5dXMFF98BjUS9kLcZnhue0On6/HeNWzJPDzV
+yM7jW0oje1rCrl+/jhp5CQ+TdvgdnlkiOJaWNc7TdgR9GysDFpxDruDbqshx4Y/
yIN9Hz44wh0xKPh1Ke/p9QY5GhpyrdorlLVCDyqnj/99nmAB/sABot4kTt0+VATr
782dNnvOQTL3VYHLFTskXSeJKFO2JA/I27hAVXT33z0rdsSKDmI8aEZKfYr/Oovq
pnQ/yrlyzwq9dhfeMr0/4NIJfVELRWrudWrCLkwQ0YJjvDI6JVBUX/Yv0CybHuRy
6E+T/fPaw5kCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4ICAQBNtB0euKZngiFWng7D
Mt1BdB4WdJAWj0SbcvajZdEmFSk0LU1Z++6GNVcp+hac9wpgb0I3VcFzfJTy8VkO
RXbdT6uF4fc3MoUZVSqgqJVyH7l9tJ68DWxpEptsgChD0GO9H+tEC9iqPEoqZniG
6JMDpo6elUphWEvXyCY4sqVY8+0+ewOCwLRG9RBxFW3p80w7yP5d/9jnbPa8tHhs
bSGizzi14wkEzr9PyrKA+VukyuNnEIAcUDpwBJ3VgrMvM9Y7i1Ph8Wdm/temaTNI
xHEuw+B32J2twbsPq24dO9HY4gMbPkt+zsSHRh7bhrKLQ7R4I7rBPLatTZ1KP9Lt
N2ps2cJqjdwapknndW8Sb9EzIHCq8g9Nc0EhvGRVxXjc+sQp8RDWaax6PgfCPJEH
qJD/49eWU7R0G8OpzRwbKw0eqejutkUKtsgRwffAKSSjXbWFxrbgGVFMOz3tR83t
Rn/Y1lZjez80DfVKYp3/2pR7FXkGUMm5mr0K4uF31MJ8I4FhKtsRqNamsX1BFczo
qmMswDSNVWgcCrBBpTLlOi+S7atL4F11ltiSCpQ8amrUYvNrDHYBcA3A+G3Uey/m
fHOgbsvHIG7Lec6RcVD/Eupqd+3RL1CShSC9iL8MBQ8wsc/2t4f/Q16Ge7Q/T5lX
/nerJIGja62dprc+M3FFuTjI+A==
-----END CERTIFICATE REQUEST-----It is best to generate a CSR directly on your server. The advantage is that the private key is then stored directly on your server and kept securely in the certificate manager. This way you can easily and quickly link the certificate to the private key later, once you have received it from us.
If it is not possible for you to generate a CSR on your server, you can alternatively use our CSR generator. You simply save the generated private key on your hard drive. It is important that you never give the private key to a third party, as it can be used to decrypt the encrypted data, which poses a security risk if the key falls into the wrong hands.