Question 1

What is a CSR (Certificate Signing Request)?

Accepted Answer

A CSR is a block of encoded text submitted to a Certificate Authority when applying for an SSL certificate. It contains the applicant's public key and information about the organization. The CA signs it and returns a certificate.

Question 2

How do I generate a CSR?

Accepted Answer

Using OpenSSL: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr. Fill in the prompts for country, organization, and Common Name (the domain). The resulting .csr file is what you submit to your CA.

Question 3

What information should I verify in a CSR?

Accepted Answer

Verify: the Common Name matches the intended domain exactly, the Organization matches your registered business name, SANs include all domains you need covered, and the key size is at least 2048 bits (4096 recommended for sensitive applications).

Question 4

Does decoding a CSR expose the private key?

Accepted Answer

No. A CSR only contains the public key. The private key is never included in the CSR and should never leave the server that generated it. This tool cannot and does not expose private key material.

Question 5

What is the difference between a CSR and a self-signed certificate?

Accepted Answer

A CSR is a request for a CA to issue a certificate — it is not a certificate itself. A self-signed certificate is signed with its own private key rather than by a CA, making it untrusted by browsers without manual trust installation.

Question 6

How do I read a CSR file?

Accepted Answer

A CSR (Certificate Signing Request) is a PEM-encoded block starting with -----BEGIN CERTIFICATE REQUEST-----. Paste it into the decoder above to instantly see the subject (CN, O, OU, C), the public key algorithm and size, and any requested extensions like SANs. You can also use DevDecode's PEM Decoder for raw inspection.

Question 7

What is the difference between a CSR and a certificate?

Accepted Answer

A CSR is a request sent to a Certificate Authority containing your public key and identity details. The CA verifies your identity and returns a signed SSL certificate. The CSR itself is not a certificate — it has no validity dates or CA signature. Use the CSR Decoder to inspect requests and the SSL Decoder to inspect issued certificates.

CSR Decoder

Frequently Asked Questions

Understanding CSR (Certificate Signing Requests)

Related Tools

SSL Certificate Decoder

CSR Generator

PEM Decoder

Certificate Key Matcher