CSR & Private Key Generator
Generate SSL Certificate Signing Requests (CSR) and Private Keys instantly in your browser. Supports RSA (2048/4096) and ECDSA (P-256/P-384). Zero server transmission.
About
This tool generates a Certificate Signing Request (CSR) and an associated Private Key directly within your browser using the Web Crypto API. Unlike server-side generators, your Private Key is created locally and never leaves your device, ensuring Zero-Knowledge security.
A CSR is a block of encoded text that is given to a Certificate Authority (CA) when applying for an SSL certificate. It contains information such as the organization name, common name (domain), and country. It also contains the Public Key associated with your Private Key. This tool creates both standard RSA keys and modern ECDSA (Elliptic Curve) keys, which offer stronger security with smaller key sizes.
We also provide a Self-Signed Certificate preview for local development testing, and the exact OpenSSL command to replicate the process manually.
Formulas
The Certificate Signing Request follows the PKCS #10 standard structure:
Where the Subject is a set of Relative Distinguished Names (RDNs):
DN = { CN, O, OU, L, ST, C }
Reference Data
| Field Name | OID (Object Identifier) | Description | Example |
|---|---|---|---|
| Common Name (CN) | 2.5.4.3 | The fully qualified domain name (FQDN) to be secured. | example.com |
| Organization (O) | 2.5.4.10 | The legal name of your company or entity. | Acme Corp Ltd. |
| Organizational Unit (OU) | 2.5.4.11 | Department handling the certificate. | IT Security |
| Country Name (C) | 2.5.4.6 | Two-letter ISO 3166-1 country code. | US, NL, JP |
| State/Province (ST) | 2.5.4.8 | Full name of the state or region. | California |
| Locality (L) | 2.5.4.7 | City or town name. | San Francisco |
| RSA Encryption | 1.2.840.113549.1.1.1 | Standard asymmetric encryption algorithm. | 2048 / 4096 bit |
| ECDSA P-256 | 1.2.840.10045.3.1.7 | Elliptic Curve Digital Signature Algorithm (Prime256v1). | 256 bit |