What is a CSR?
A Certificate Signing Request (CSR) is a block of encoded text that you send to a Certificate Authority (CA) when applying for an SSL/TLS certificate. It contains your public key and subject information (domain, organization, country, etc.).
The CA uses the CSR to create your signed certificate. You keep the private key — it never leaves your system.
CSR fields explained
| Field | Code | Description | Example |
|---|---|---|---|
| Common Name | CN | The fully qualified domain name you are securing | example.com or *.example.com |
| Organization | O | Your company or organization legal name | KF-Cipher Ltd |
| Org. Unit | OU | Department within the organization | IT Security |
| City | L | City where your organization is located | Cairo |
| State | ST | State or province — do not abbreviate | Cairo Governorate |
| Country | C | Two-letter ISO country code | EG |
Which key type to choose?
| Key type | Security | Speed | Compatibility | Recommended for |
|---|---|---|---|---|
| RSA 2048 | 112-bit | Fast | Universal | General purpose, widest compatibility |
| RSA 4096 | 140-bit | Slower | Universal | High-security systems, longer lifetime certs |
| EC P-256 | 128-bit | Very fast | Modern clients | TLS performance, modern web servers |
| EC P-384 | 192-bit | Fast | Modern clients | Government, high-security, FIPS compliance |
OpenSSL equivalent commands
# RSA 2048 CSR (OpenSSL)
openssl req -newkey rsa:2048 -nodes -keyout private.key -out csr.pem
# EC P-256 CSR (OpenSSL)
openssl ecparam -name prime256v1 -genkey -noout -out ec.key
openssl req -new -key ec.key -out csr.pem
# View CSR contents
openssl req -text -noout -in csr.pem