Generate Certificate Signing Requests (CSR) for SSL/TLS certificates. Convert between PEM, DER, and PKCS formats online.
A Certificate Signing Request (CSR) is a block of encoded text containing the public key and identifying information (domain name, organization, location) that an organization submits to a Certificate Authority (CA) to apply for an SSL/TLS certificate. The CSR is generated on the same server where the certificate will be installed, ensuring the private key never leaves the server.
Generating a properly formatted CSR is the first step in obtaining any SSL/TLS certificate — whether from Let's Encrypt, DigiCert, Comodo, or any other CA. Incorrect CSR generation is a common source of certificate issuance delays and errors.
| Field | OID | Required | Example |
|---|---|---|---|
| Common Name (CN) | 2.5.4.3 | Yes | www.example.com |
| Organization (O) | 2.5.4.10 | For OV/EV | Example Corp |
| Organizational Unit (OU) | 2.5.4.11 | Optional | IT Department |
| Locality (L) | 2.5.4.7 | For OV/EV | San Francisco |
| State (ST) | 2.5.4.8 | For OV/EV | California |
| Country (C) | 2.5.4.6 | For OV/EV | US |
| 1.2.840.113549.1.9.1 | Optional | admin@example.com | |
| SAN | 2.5.29.17 | Recommended | DNS:example.com, DNS:*.example.com |
| Type | Validation | Trust Level | Issuance Time |
|---|---|---|---|
| DV (Domain Validation) | Domain ownership only | Basic (lock icon) | Minutes |
| OV (Organization Validation) | Domain + organization verified | Medium (org name visible) | 1-3 days |
| EV (Extended Validation) | Thorough organization vetting | Highest (org name in certificate) | 1-2 weeks |