CSR Generator
Generate Certificate Signing Requests with RSA or ECDSA keys for SSL/TLS certificates.
- Home
- > Hash & Security >
- CSR Generator
What is a CSR?
A Certificate Signing Request (CSR) is a block of encoded text that contains information about your organization and public key. It is submitted to a Certificate Authority (CA) to obtain an SSL/TLS certificate for your domain.
The CSR includes your public key and distinguished name (DN) information. The corresponding private key must be kept secret and is never sent to the CA.
How to Use Your CSR
- Fill in your domain (Common Name) and organization details.
- Select your key algorithm and size.
- Click "Generate CSR" to create your CSR and private key.
- Copy the CSR text and submit it to your Certificate Authority (e.g., Let's Encrypt, DigiCert, Sectigo).
- Save the private key securely — you will need it to install your certificate.
Frequently Asked Questions
Is my private key stored on this server?
No. Your CSR and private key are generated in a temporary directory, displayed to you once, and then immediately deleted. The key is not stored, logged, or retained in any way.
RSA vs ECDSA — which should I choose?
RSA is universally supported and recommended for compatibility. ECDSA offers equivalent security with smaller key sizes and faster performance, but older clients may not support it. For most modern websites, either is fine.
What happens after I submit my CSR?
The CA validates your domain ownership and organization details (for OV/EV certificates), then issues a signed SSL/TLS certificate. You will install this certificate along with your private key on your web server.
Should I protect my private key with a passphrase?
A passphrase adds an extra layer of security. However, it means you will need to enter the passphrase every time your server starts. Many production setups use unencrypted keys (no passphrase) stored securely with restricted permissions.
