Procedure
Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The CSR contains information identifying the applicant (such as a distinguished name in the case of an X.509 certificate), and the public key chosen by the applicant. The CSR may be accompanied by other credentials or proofs of identity required by the certificate authority, and the certificate authority may contact the applicant for further information.
Typical information required in a CSR:
| Information | Description |
|---|---|
| Distinguished Name (DN) | This is fully qualified domain name that you wish to secure
e.g. ‘www.mydomain.com’ or 'mail.mydomain.com'. This includes the Common Name (CN) e.g. 'www' or 'mail' |
| Business name / Organisation | Usually the legal incorporated name of a company and should include any suffixes such as Ltd., Inc., or Corp. |
| Department Name / Organisational Unit | e.g. HR, Finance, IT |
| Town/City | e.g. London, Waterford, Paris, New York |
| Province, Region, County or State | This should not be abbreviated
e.g. Sussex, Normandy, New Jersey |
| Country | The two-letter ISO code for the country where your organization is located
e.g. GB, FR or US etc.. |
| An email address | An email address to contact the organisation. Usually the email address of the certificate administrator or IT department |
If the request is successful, the certificate authority will send back an identity certificate that has been digitally signed with the private key of the certificate authority.
Read more about this topic: Certificate Signing Request