Generate CSR (Certificate Signing Request) and private key online with just a single click. Simply fill out the form below and click the Generate keys button.
You can generate a CSR request (.csr) and a private key (.key) using a single openssl command.
Note: Make sure you backup the private key. The private key is in pair with the CSR request, so if you lose it, you will not be able to install your SSL certificate on server. However, if you lose your private key, you can apply for a free replacement (please note that some certificate authorities may not allow reissue).
On a Linux or Mac machine, simply navigate to the directory where you want to generate the CSR and private key. On a Windows machine, open a command prompt and navigate to your openssl / bin directory.
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csr
Fill out the fields as prompted but keep in mind that some language-specific characters (e.g. á, é, ø, ü, ç…) and the following characters are not accepted: * / \ ( ) ? @ # $ . , < > ~ ! & % ^
|Country Name||US||(2-letter, ISO 3166-1 standard code)|
|State or Province||New Hampshire||(full State name)|
|Locality||Portsmouth||(full City name)|
|Organization||Company name||(or your full name)|
|Organizational Unit||Security||(a department)|
|Common Name *||www.your-domain.com||(fully qualified domain name, or wildcard)|
* Common Name
Common Name is the domain name you want to secure.
To secure a single domain both with "www" and without "www", you must prepend "www" (e.g. www.example.com). If you do that, most certificate authorities will do a little magic with the certificate, so it will cover both www.example.com and also example.com. But, if you submit a CSR for a domain name without "www", the certificate will not secure the domain with "www". This option usually cannot be changed once you complete the certificate's activation.
To secure a sub-domain (3rd-level domain or higher, e.g. sub.example.com), then fill in the sub-domain as it is without "www". The free extension is usually not applicable to sub-domains.
To secure unlimited sub-domains (applicable only to wildcard SSL certificates), prepend a wildcard character to the domain name (e.g. *.example.com). The wildcard character must be the first character.