CSR Generator

Create certificate signing requests with SAN support

Safety note: Private keys are generated locally in your browser and never uploaded. Save them securely. Anyone with the private key can impersonate your domain.

Inputs + outputsGenerate a CSR and private key in PEM format

Common Name (CN)

Organization (O)

Org Unit (OU)

City/Locality (L)

State/Province (ST)

Country (C)

Subject Alternative Names (SAN)

Comma-separated DNS names for the SAN extension.

Key type

RSA key size

CSR (PEM)

Private Key (PEM)

CSR Generator

Generate a certificate signing request (CSR) for TLS certificates. This tool creates a new key pair and CSR in your browser with optional SAN entries.

How to Generate a CSR

Fill in the certificate subject fields and SANs.
Select RSA or ECDSA key settings.
Click Generate CSR to create your request and private key.

Certificate Fields Explained

CN: The primary domain name.
SAN: Additional hostnames included in the certificate.
O/OU: Organization details for your certificate request.
C/ST/L: Country, state, and locality fields.

Do This Locally (CLI)

# RSA CSR (single CN)
openssl req -new -newkey rsa:2048 -nodes -keyout key.pem -out request.csr -subj "/CN=example.com"

FAQ

Where is my private key stored?

It is generated locally in your browser. Save it securely before leaving the page.

Can I include multiple domains?

Yes. Add them as comma-separated entries in the SAN field.

Which key type should I use?

RSA 2048 or 3072 is widely compatible; ECDSA is smaller and faster if supported.