Back to tools
Frequently Asked Questions
What is a CSR and what is it used for?
A CSR (Certificate Signing Request) is a file containing your organization's information and public key, sent to a Certificate Authority (CA) to request an SSL/TLS certificate. It includes data like Common Name (CN), organization, city, and country. The CA signs the CSR and returns a valid digital certificate for your web server.
What is the difference between RSA and ECC?
RSA (Rivest-Shamir-Adleman) is the most widely used public-key algorithm, with 2048 or 4096-bit key sizes. ECC (Elliptic Curve Cryptography) offers equivalent security with shorter keys (P-256 equals RSA 3072), meaning better performance and lower CPU usage. For modern web servers, ECC is recommended for efficiency, but RSA 2048/4096 offers maximum compatibility with legacy clients.
What data is needed to generate a CSR?
Required fields: Common Name (CN) — the full domain (e.g., www.example.com), Organization (O) — legal company name, Locality (L) — city, State/Province (ST), and Country (C) — 2-letter ISO code. Optionally include Organizational Unit (OU), email, and Subject Alternative Names (SANs) for multiple domains.
Can I use this generator for production?
Yes, the generator uses the Web Crypto API to create cryptographically secure keys. The entire process happens locally in your browser — private keys never leave your device. Always verify the CSR with OpenSSL before submitting to a CA, and keep a secure backup of your private key.
How to use OpenSSL locally
To generate CSR with OpenSSL (recommended alternative):
# Generate RSA 2048 private key
openssl genrsa -out server.key 2048
# Generate CSR
openssl req -new -key server.key -out server.csr \
-subj "/C=US/ST=CA/L=San Francisco/O=MyOrg/CN=www.example.com"
# Verify CSR
openssl req -text -noout -verify -in server.csr
For ECC:
# Generate ECC P-256 key
openssl ecparam -genkey -name prime256v1 -out server.key
# Generate CSR
openssl req -new -key server.key -out server.csr \
-subj "/C=US/ST=CA/L=San Francisco/O=MyOrg/CN=www.example.com"
Related Tools
SSH Fingerprint Generator
Generate MD5 and SHA-256 fingerprints from SSH public keys.
JWT Brute Force
Test HMAC secrets against a JWT token using a wordlist.
Double SHA-256 Hash
Compute SHA256(SHA256(x)) — the Bitcoin and blockchain hash.
Scrypt Hash
Generate Scrypt hashes with configurable N, r and p parameters for secure key derivation.