Certificate Signing Request

certificate signing request

What is an SSL certificate?

First of all, it is a good idea to know what an SSL certificate is. SSL stands for Secure Sockets Layer. This type of certificate is a way for customers to verify your identity when they visit your business website. It is also provides the means for your Web server to open a secure channel of communication, via the Internet’s port 443, with your customer. This channel includes encrypted transmissions that protect the sensitive data that your customers send to you when they make a purchase. Having an SSL certificate shows your customers that their information is safe. Indeed, if you don’t have an SSL certificate, your customers will be warned that your site is insecure. Most online shoppers would never dream of engaging in a business transaction with an ecommerce website that wasn’t properly private. Therefore, it is vital that you get an SSL certificate. But before you can get an SSL certificate, you need a Certificate Signing Request.

Certificate Signing Request (CSR)

A Certificate Signing Request (CSR) is what you send to the SSL certificate issuer so that they can use it to determine your identity, let the certificate issuing authority know your chosen public key and assign you a private key for encryption. The CSR is a communication you send, much like an application. When you send the CSR, it is encrypted in such a way so that only the SSL certificate authority can translate the information.

When you submit a CSR, you need to include the following information:

  • Your company name.
  • The department requesting the SSL certificate.
  • The location of the company, including city, state and country.
  • Your company’s domain name. This domain name should be the URL that will be protected by the SSL certificate. If you have multiple versions of the name, such as mycompany.com, payment.mycompany.com and admin.mycompany.com, you will need a wildcard SSL certificate, and these separate domain names will need to be included in the CSR.

After you send off the CSR, you may need to include other supporting information. Credentials and further proof of your identity may be needed. This is especially true if you are applying for an EV SSL certificate. An EV (Extended Validation) SSL certificate requires a high level of verification. Additionally, you need to include your contact information when you send you CSR. This is so that the certificate authority can get a hold of you if necessary.

Once your CSR is accepted, the SSL certificate issuer will send you a certificate that you can then install on your site. The authority is usually a trusted entity, and having this SSL certificate is considered proof that your ecommerce website is equally trustworthy. Your CSR should be as complete as possible, and filled out properly, so that you receive the validation you need to effectively do business online.