Generate a certificate signing request (CSR)

Generate a CSR on the server or platform where you will install the certificate before submitting any certificate request. CertCentral does not store the private key. Keep it secure on the server where it was generated.

CSR requirements

Include the following information in the CSR:

  • Common name (primary domain)

  • Any additional SANs

  • Key size of 2048-bit minimum

  • Signature algorithm supported by your environment

DigiCert TLS and Secure Email certificates support the following algorithms and key lengths:

  • RSA: 2048-bit, 3072-bit, 4096-bit

  • ECC: P-256, P-384

Best practice

Generate a new CSR for every certificate renewal and reissue. Generating a new CSR creates a new unique key pair (public and private) for the renewed or reissued certificate.
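
The requirements and the renewal practice above, as an added example (not DigiCert's own code): it generates a CSR with a new RSA 2048-bit key, a common name and SANs using OpenSSL, then checks the result before submission. It assumes OpenSSL 1.1.1 or later (for `-addext`); the function names, file paths and `example.com` domains are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example. Domains and paths are constructed placeholders.
set -eu

# make_csr <out_dir> <common_name> [extra_san ...]
# Generates a NEW RSA 2048-bit key pair and a CSR with the CN plus SANs.
make_csr() {
  dir="$1"; cn="$2"; shift 2
  san="DNS:${cn}"
  for name in "$@"; do san="${san},DNS:${name}"; done
  mkdir -p "$dir"
  ( umask 077   # key file readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
      -keyout "$dir/server.key" -out "$dir/server.csr" \
      -subj "/CN=${cn}" -addext "subjectAltName=${san}" 2>/dev/null )
}

# Public key size in bits, as recorded in the CSR.
csr_key_bits() {
  openssl req -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# SAN entries in the CSR, comma-separated with spaces removed.
csr_sans() {
  openssl req -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '
}

# SHA-256 of the CSR's public key; differs whenever the key pair differs.
csr_pubkey_hash() {
  openssl req -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# True when the CSR's self-signature verifies and the key is at least 2048 bits.
csr_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' &&
    [ "$(csr_key_bits "$1")" -ge 2048 ]
}

# Demo: original request, then a renewal with a freshly generated key.
work=$(mktemp -d)
make_csr "$work/issue" example.com www.example.com
make_csr "$work/renewal" example.com www.example.com
csr_ok "$work/renewal/server.csr" && csr_sans "$work/renewal/server.csr"
[ "$(csr_pubkey_hash "$work/issue/server.csr")" != \
  "$(csr_pubkey_hash "$work/renewal/server.csr")" ] && echo "renewal uses a new key pair"
```

Only `server.csr` is submitted with the certificate request; `server.key` stays on the server where it was generated.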