CSR Generator
Generate an RSA private key and certificate signing request (CSR) locally in your browser.
About the CSR Generator
The CSR Generator creates an RSA private key and a certificate signing request you submit to a public CA or your internal PKI. Fill in the subject distinguished name, optional Subject Alternative Names, and key size. The CSR and private key PEM blocks appear for copy and paste.
A CSR contains your public key and the identity you want on the certificate. The CA signs it and returns a certificate. The private key never leaves your control: generated here in the browser, installed on your server, and matched to the issued cert with Key Matcher.
Generation runs locally with node-forge. Nothing is uploaded. Save the private key immediately; it cannot be recovered from the CSR alone if you lose it.
After your CA issues the certificate, paste both into SSL Decoder or Key Matcher to verify fields and key correspondence before deployment.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
What is a CSR?
A Certificate Signing Request is a PKCS#10 message containing your public key and the subject name you want on the certificate. You send the CSR PEM to a CA; they return a signed certificate.
Is my private key uploaded?
No. Both the key pair and CSR are generated in your browser. Copy and store the private key yourself.
What should I put in Common Name?
For TLS certificates, use the primary hostname, often your apex domain or the main site URL. Modern browsers require matching names in Subject Alternative Names, which this tool adds from the SAN field and CN.
2048 or 4096 bit keys?
2048 bit RSA is widely accepted and faster to generate. 4096 bit is supported where policy requires it; some older systems may prefer 2048.
Can I edit the CSR after generating it?
No. Changing any field requires a new CSR and usually a new key pair. Generate again if you need different names or SANs.