CSR Generator
More Information About the CSR Generator
A Certificate Signing Request (CSR) is what you submit to a Certificate Authority to request an SSL certificate. The CSR carries your public key and identity information; the matching private key stays on your machine.
What to choose:
- RSA — broadest compatibility across all servers, browsers, and devices.
2048bits is the modern minimum; pick3072or4096for higher-security workloads. - ECC (Elliptic Curve) — smaller keys, faster TLS handshakes, lower CPU cost. Use
P-256for general use,P-384for sensitive workloads. All modern browsers and major operating systems support ECC.
Common Name (CN) is the primary hostname the certificate will be issued for (e.g., www.example.com). Subject Alternative Names (SANs) let one certificate cover multiple hostnames — modern browsers ignore the CN and check SANs only, so list every hostname you need (including www.example.com and example.com if you want both).
Your private key never leaves your browser and is not included in any usage metrics. After generation, download the private key and store it somewhere safe — if you lose it, the certificate the CA issues cannot be used.
Submit the CSR to Netrust or your CA of choice. The CA validates your identity and returns a signed certificate that pairs with the private key you kept.
Key Configuration
Subject Alternative Names
Generate
Outputs


