CSR
SecurityCSR is a Certificate Signing Request, a structured file created on a server to request an SSL/TLS certificate from a Certificate Authority. It contains the public key and identifying details such as domain name and organization, plus a digital signature proving control of the private key. A CSR is required to issue most certificates and must match the site and server configuration.
How It Works
A CSR is generated on the system where the certificate will be installed, typically using OpenSSL, a hosting control panel, or a web server toolchain. During creation, the server generates a key pair: a private key (kept secret) and a public key (shared). The CSR packages the public key together with subject information such as the Common Name (usually the fully qualified domain name), optional Subject Alternative Names (SANs) for additional domains, and organization fields. The CSR is then signed with the private key to prove the requester possesses it.
You submit the CSR to a Certificate Authority (CA) as part of the certificate order. The CA validates the request (for example, domain control for DV certificates, and additional checks for OV/EV). If approved, the CA issues a certificate that corresponds to the public key in the CSR. You install the issued certificate (often along with intermediate certificates) on the server and configure the web server (Apache, Nginx, LiteSpeed) to use it with the matching private key. If the private key is lost or the CSR details are wrong, the certificate must be reissued with a new CSR.
Why It Matters for Web Hosting
When comparing hosting plans, CSR handling affects how quickly and safely you can enable HTTPS. Good hosting environments make it easy to generate CSRs, include SANs, store private keys securely, and install certificate chains correctly. If you manage multiple domains, use a CDN, or run load-balanced setups, you may need repeatable CSR workflows and access to key material. Limited control panel access or restricted server permissions can complicate CSR generation and certificate renewals.
Common Use Cases
- Requesting a new SSL/TLS certificate for a domain or subdomain
- Reissuing a certificate after changing servers, losing a private key, or correcting domain/SAN entries
- Creating a multi-domain (SAN) certificate request for several hostnames on one account
- Generating a wildcard certificate request for securing many subdomains under one domain
- Automating certificate lifecycle tasks in DevOps pipelines where CSRs are generated programmatically
CSR vs Private Key
A CSR is a public request file used to obtain a certificate; it can be shared with a CA and does not need to be kept secret. The private key is the sensitive counterpart that must remain confidential on the server (or in an HSM/secure store). The issued certificate will only work if it is paired with the same private key used to sign the CSR. Sharing the private key compromises HTTPS security, while sharing the CSR is normal and expected.