What is a "CSR" and how do I get one?
CSR is a Certificate Signing Request
This file contains pieces of information about your cert and your public key.
It is used by the CA or Certification Authority (here : CAcert Inc.) to sign your cert (and obviously the info included in the cert).
The CA does not need the private key you have generated. You keep your private key secret.
The CA uses this CSR file to grab the info, verifying the info from your account and then generate the real certificate that you ( and your services) will use during secure communications with clients (HTTPS,SSL,POP3/SSL, etc.) and servers.
(based on Bruno ideas on CAcert support mailing list)
Example of CSR
tools to generate CSRs
CSRGenerator is a friendly shell script with CAcert focus
- If you're using IIS have a look at:
- if you're using openssl have a look at:
OpenSSL users can also look at DigitCert's CSR wizard, which will generate the OpenSSL command-line you need to type in order to generate the CSR locally: https://www.digicert.com/easy-csr/openssl.htm
Analyse your CSR data block
see Analyse CSR
Official OpenSSL stuff
You can get some more info reading the official OpenSSL documentation.