CSR Generator

Generate a Certificate Signing Request and private key for your SSL certificate.

Your Private Key Is Protected

This page runs in a hardened security environment. Your private key is generated in memory and never stored. Save it immediately — it cannot be recovered.

How we protect your private key 6 layers of protection

Zero Third-Party Scripts

No Google Analytics, no Clarity session recording, no Tailwind CDN, no external fonts. Only our own code runs here — nothing can read your key from the page.

Strict Content Security Policy

Browser-enforced policy blocks all external scripts, outbound data connections, and iframes. Even if a browser extension tried to inject code, the CSP prevents it from loading remote resources.

Ephemeral Processing

Your key is generated in server memory, sent in the response, and immediately discarded. It is never written to disk, never logged, and never stored in any database.

No Caching

HTTP headers instruct your browser to never cache this page. Your key won't remain in browser cache, proxy caches, or CDN edge servers.

Cross-Origin Isolation

Cross-Origin-Opener-Policy and Cross-Origin-Resource-Policy headers prevent other browser tabs or windows from accessing this page's contents.

Referrer Protection

Referrer-Policy is set to no-referrer so your visit to this page is never leaked to any external site.

Domain Information

Common Name (CN) *

The fully qualified domain name for your certificate. Use *.domain.com for wildcard.

Subject Alternative Names (SANs)

One per line. The CN is automatically included. Supports DNS names and IPs (prefix with IP:).

Key Type

RSA 2048 Standard, widely compatible RSA 4096 Higher security, larger key ECDSA P-256 Fast, modern, compact ECDSA P-384 Strongest ECDSA option

Organization Details

Optional — required for OV/EV certificates

Organization

Department

Country (2-letter code)

State / Province

City

What is a CSR?

A Certificate Signing Request (CSR) is a block of encoded text that you submit to a Certificate Authority (CA) when applying for an SSL certificate. It contains your public key and domain information.

Key Type Guide

RSA 2048

Universal compatibility. Required by some older systems and CAs.

RSA 4096

Higher security margin. Slightly slower TLS handshake.

ECDSA P-256

Modern, fast, and compact. Equivalent to RSA 3072 security.

ECDSA P-384

Strongest option. Equivalent to RSA 7680 security.

Next Steps

1 Generate your CSR here
2 Submit CSR to your CA
3 Install the issued certificate
4 Configure your server
5 Verify with our scanner