SSL Certificate CSR Generator
SecurityGenerate the OpenSSL command and config file to create a Certificate Signing Request for your domain. Free, runs in-browser, no private key is ever created or stored.
What is a CSR?
A Certificate Signing Request (CSR) is a structured file you submit to a Certificate Authority (CA) to obtain an SSL/TLS certificate for your domain. The SSL Certificate CSR Generator creates two things instantly: a ready-to-run OpenSSL command and a matching openssl.cnf configuration file tailored to your domain and organisation details. You run that command on your server, and it produces the .csr file you hand to your CA โ along with the private key that stays exclusively on your machine.
SSL certificates underpin HTTPS, the standard for encrypting traffic between visitors and your web server. Without a valid certificate, modern browsers display security warnings, search engines deprioritise the site, and payment processors refuse to operate. Getting a certificate right requires generating a CSR with the correct fields: a precise Common Name matching your domain, a two-letter country code, and an appropriate key size. Errors in any field can cause the CA to reject the request or issue a certificate that does not work as expected.
The tool removes the need to remember OpenSSL's syntax. The openssl req command has several flags and an interactive prompt that must be answered in the correct order โ easy to mistype under time pressure when a certificate is expiring. By filling a form instead of writing a command from memory, you guarantee the correct flags and subject fields every time.
All inputs โ domain name, organisation name, city, state, country โ are processed entirely in your browser. Nothing is transmitted to any server. This means you can safely generate CSRs for internal domains, staging environments, and production infrastructure without exposing your organisation details.
If you need to validate that your domain name is correctly formatted before generating a CSR, use the Domain Name Validator. For generating other server configuration files, the .htaccess Generator covers Apache redirect and HTTPS enforcement rules.
How to use this CSR calculator
Enter your Domain Name (Common Name) โ the exact FQDN the certificate will protect. For a single domain, use
example.comorwww.example.com. For a wildcard that covers all subdomains, use*.example.com.Fill in Organisation Name โ your company's registered legal name as it appears in official records (for OV and EV certificates). For domain-validated (DV) certificates, any name is accepted, but matching your legal name avoids potential CA queries.
Optionally fill in Organisation Unit โ the department or team name. Leave blank if your CA does not require it; many modern CAs ignore this field.
Enter City / Locality and State / Province โ your organisation's registered location. Do not abbreviate the city name; spell it in full as it appears on official documents.
Enter the Country Code โ the two-letter ISO 3166-1 alpha-2 code for your country. For India use
IN, for the United States useUS, for the United Kingdom useGB.Select your Key Size: 2048-bit (Standard) for most use cases including e-commerce and content sites, or 4096-bit (High Security) for banking, healthcare, or high-value data environments.
The OpenSSL Command and CSR Config File (openssl.cnf) appear instantly. Click the copy button on the OpenSSL Command output to copy it to your clipboard.
On your server, create a file named
openssl.cnfand paste the config file contents into it. Then run the copied OpenSSL command in the same directory.After running the command, locate the generated
.csrfile. Open it in a text editor, copy the entire contents (from-----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST-----), and paste it into your CA's certificate request form.Keep the generated
.keyfile secure โ back it up in an encrypted vault and never share it. When your CA issues the signed certificate, install both the.crtand.keyfiles on your server.
Formula & Methodology
The generator does not perform cryptographic operations itself โ it constructs the correct OpenSSL command based on your inputs. Here is the exact mapping from form fields to command output: Generated OpenSSL command structure:openssl req -new -newkey rsa:{keySize} -nodes -keyout server.key -out server.csr -config openssl.cnf--newโ create a new CSR --newkey rsa:{keySize}โ generate a new RSA key of the selected bit size (2048 or 4096) --nodesโ do not encrypt the private key with a passphrase (suitable for automated server restarts) --keyout server.keyโ write the private key toserver.key--out server.csrโ write the CSR toserver.csr--config openssl.cnfโ read subject fields from the config file rather than prompting interactively Generated openssl.cnf structure:ini [req] default_bits = {keySize} prompt = no default_md = sha256 distinguished_name = dn [dn] CN = {commonName} O = {organization} OU = {orgUnit} L = {city} ST = {stateProvince} C = {country}Each{field}is substituted with the value you entered in the form. Thedefault_md = sha256line ensures the CSR is signed with SHA-256, which all CAs currently require โ SHA-1 has been deprecated and rejected since 2017. Worked example: For a company named Redlof Technologies Pvt Ltd operatingapp.redlof.infrom Bengaluru, Karnataka, India with a 2048-bit key, the generated command would be:openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -config openssl.cnfAnd the config file would contain:ini [dn] CN = app.redlof.in O = Redlof Technologies Pvt Ltd L = Bengaluru ST = Karnataka C = INRunning this command producesserver.key(your private key, keep secret) andserver.csr(your certificate signing request, send to the CA).
Frequently Asked Questions