SSL certificate utility

CSR Generator

A CSR generator prepares the certificate subject, subject alternative names, and OpenSSL commands needed to create an SSL certificate signing request. Use it to assemble a safe CSR config before running key generation locally.

OpenSSL commands

openssl genrsa -out example.com.key 3072
openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf

example.com.cnf

[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
C = US
ST = Texas
L = Austin
O = Example Inc
OU = Platform Engineering
CN = example.com
emailAddress = admin@example.com
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = api.example.com

Private key stays local.

Run these commands on your own machine or server. Submit only the `.csr` file to your certificate authority.

Domains covered

3

Key file

example.com.key

CSR file

example.com.csr

Generate SAN-aware CSR commands

Certificate authorities now rely on the subject alternative name extension for hostname coverage. This tool turns a root domain, additional hostnames, and organization details into an OpenSSL config file that keeps those SAN entries explicit.

The private key and CSR are not created in the browser. Copy the generated config and commands, run them in your own terminal, and upload only the `.csr` file during SSL certificate issuance.

CSR generator FAQ

What is a CSR generator?

A CSR generator prepares the subject details, SAN list, and OpenSSL commands needed to create a certificate signing request for an SSL certificate.

Should I include SANs in a CSR?

Yes. Modern certificates should include every covered hostname in the subject alternative name extension, including root, www, API, and wildcard names.

Does this tool create my private key?

No. It creates commands and a config file so you can generate the private key and CSR locally on your own machine or server.

Which key size should I choose?

RSA 3072 is a strong default for broad compatibility. RSA 2048 is still common, while ECDSA keys are smaller but may need compatibility checks.

Related tools