SSL/TLS Tools

CSR Generator

Generate Certificate Signing Requests and RSA key pairs in your browser

Keys generated entirely in your browser — nothing is sent to any server

Certificate Details

Common Name (CN)

The fully qualified domain name for your certificate

Organization (O)

Organizational Unit (OU)

Country (C)

2-letter ISO country code

State / Province (ST)

Locality / City (L)

Email Address

Key Size

2048-bit

Faster generation, standard security

4096-bit

Slower generation, stronger security

About CSR Generation

What Is a Certificate Signing Request (CSR)?

A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from an applicant to a Certificate Authority (CA) to apply for an SSL/TLS certificate. The CSR contains the public key that will be included in the certificate, along with identifying information such as the domain name, organization, and location. When you submit a CSR to a CA like Let's Encrypt, DigiCert, or Sectigo, they verify your identity and issue a signed certificate that browsers trust.

Why Do You Need a CSR?

Every SSL/TLS certificate starts with a CSR. Whether you are securing a website with HTTPS, setting up email encryption, or configuring a VPN, the CSR proves you control the private key without ever revealing it. This tool generates both the CSR and the corresponding RSA private key entirely in your browser using the node-forge cryptographic library. No data leaves your device, making it ideal for generating CSRs for production environments where security is paramount.

How This Tool Works

When you click "Generate," the tool creates an RSA key pair (2048 or 4096 bits) using client-side JavaScript. It then constructs a PKCS#10 certification request with your provided subject fields, signs it with SHA-256, and outputs both the CSR and private key in PEM format. You can then submit the CSR to any Certificate Authority and use the private key to install the issued certificate on your server.