CSR generated for {{ cn || '[no CN]' }}

{{ downloadNotice }}
Enter a valid domain, wildcard, or IP.
Comma-separated valid domains or IPs.
Two-letter country code.
Invalid email address.
Categories: DevOps & SRE , Generator , Security
Export to PDF Fullscreen

A certificate signing request bundles identifying details with a public key so a certificate authority can issue a digital certificate. You provide domain and organization fields; the tool derives a PKCS#10 message suitable for most certificate services. Example: entering example.com produces a CSR where commonName equals example.com and subjectAltName contains any optional aliases.

Generating the CSR inside your browser means the private key never leaves your device, preserving confidentiality even before you request a certificate. The reactive interface validates each field immediately and flags mistakes so you correct input before cryptographic processing begins. Caution: inaccurate country codes or unsupported key sizes may cause a certificate authority to reject your request.

Use this generator when you manage servers, containers, or edge devices and need new certificates without exposing keys to third-party systems. Caution: keep the downloaded private key secure; anyone with it can impersonate your service until the certificate expires. Store offline backups in an encrypted vault to support rapid disaster recovery and maintain compliance.

Technical Details:

The application runs entirely client-side using a lightweight cryptographic engine that delivers RSA key pairs asynchronously through web workers to avoid freezing the interface. Validation logic applies regular expressions to domain and email fields, while intuitive alerts highlight any failures before crypto operations start.

Client-side RSA Generation

The worker produces 2048, 3072, or 4096-bit RSA keys without freezing the screen. Example: a 2048-bit key usually appears in three seconds; caution: slower machines may need longer.

Inline Field Validation

Regex checks flag invalid domains, emails, or country codes as you type. Example: typing example..com highlights red; caution: the CSR will not generate until errors clear.

Subject Alt Name Parsing

The tool splits comma-separated subjectAltNames and inserts each value into the CSR extension. Example: entering *.example.com,www.example.com records both names; caution: avoid spaces to prevent parsing failures.

Clipboard & Download Actions

Copy buttons send text to your clipboard; download buttons save PEM files named after the CN. Example: a CSR for docs.example.com downloads as docs.example.com.csr; caution: some browsers block multiple downloads.

Tabbed Preview Interface

A tabbed preview reveals CSR and private key separately to avoid accidental clipboard swaps. Example: switch to the Key tab before copying; caution: never share the key content publicly.

Step-by-Step Guide:

Follow these steps to generate and retrieve your CSR and key.

  1. Enter the Common Name (CN) in the input field.
  2. Add optional Subject Alt Names separated by commas.
  3. Select a Key Size that meets your policy.
  4. Complete Country, State, Locality, Organization, Org Unit, and Email.
  5. Click Generate CSR to start creation.
  6. Use the tabs to copy or download the CSR and Private Key.

FAQ:

Find quick answers below.

Is my data stored?

No. Everything is processed locally; nothing is transmitted or saved.

What key size should I choose?

2048-bit suits most hosts; 4096-bit offers longer security but needs more CPU.

How do I add a wildcard?

Prefix your domain with *., for example *.example.com.

Why did my CA reject the CSR?

Check for mismatched country codes or unsupported SAN entries.

Can I regenerate my key later?

Yes, but new keys invalidate previous certificate chains; plan carefully.

Troubleshooting:

Resolve common issues quickly.

  • Download does not start — allow file downloads in your browser settings.
  • Clipboard action fails — grant clipboard permission or use manual copy.
  • CSR rejected by CA — remove unsupported characters from organization names.
  • Slow key generation — switch to a smaller key size for testing.
  • Invalid SAN parsing — remove spaces between comma-separated entries.

Advanced Tips:

Enhance your workflow with these suggestions.

  • Automate field completion by pre-filling query-string parameters.
  • Use 3072-bit keys for balanced security and performance.
  • Store PEM files in a hardware security module immediately after download.
  • Schedule recurring key rotation to comply with internal policies.
  • Validate CSRs with openssl req -text -noout -verify -in file.csr.

Glossary:

Key terms used throughout this tool.

CSR
Encoded request containing a public key and identity details.
SAN
Subject Alternative Name list of additional domains or IPs.
PEM
Base64-encoded format surrounded by header and footer lines.
PKCS#10
Standard defining the structure of certificate requests.
Key Size
Bit length of an RSA modulus indicating cryptographic strength.
Embed this tool into your website using the following code: