CSR Generator & Decoder
Generate Certificate Signing Requests or decode existing CSRs.
What this tool does
A Certificate Signing Request (CSR) is the formal request you send to a certificate authority when you need a new certificate. This tool generates the key pair with the Web Crypto API and encodes the PKCS#10 structure with pkijs — entirely in your browser. The private key is created on your device and never transmitted anywhere.
Common issues
- Only the Common Name filled in — modern certificate authorities read the Subject Alternative Names; list every domain there.
- Lost private key — the CSR is useless without the matching key. Download both files and store the key securely.
- Wrong key type — RSA 2048 is the safe default; ECDSA P-256 gives smaller, faster handshakes where your platform supports it.
How to fix them
Add each hostname (including wildcards such as *.example.com) as a separate SAN line, keep the
private key alongside the CSR, and decode the CSR with the second tab before submitting it to confirm the
subject and names are exactly what you expect.
Related tools
New to CSRs? Read What is a CSR? in the Academy, then decode the issued certificate with the certificate decoder once your CA returns it.